There isn't an official recommendation on which app source you should use. There are different security, privacy and ethical concerns when considering each of these options.
The Android security model tries to distrust the app source itself as much as possible. The app source matters the most when it comes to the initial installation and the frequency of updates. The app repository should represent a single app source but that isn't the case with F-Droid. If you're going to use F-Droid, you put much more trust in the client security and the project's ability to sustainably/reliably build and sign the apps you use.
Overall, I'd say using Play Store with the sandboxed approach is probably the best compromise if you don't mind making a Google account. Use Aurora if you don't want to hear about Play services in any form. Use F-Droid (and preferably with a much more modern client like Droid-ify/Neo-Store) if you want to.