The DSN is not a secret, worst thing someone could do is sending events to your account.
All “analytics” services have this problem.
If that ever happens you have a few options tackling this, you can either block off certain request or cycle the DSN.
So having it in the repo is fine.