I wrote the article, so I'll try to go back and clarify that section. The term "site" in this context has a specific technical meaning, much more tightly defined than when we're just referring to a web site. The important concept to understand here is the idea that a "site" represents a security boundary, i.e. everything under that point is controlled by a single administrative organisation.
So, web.dev is the site, which is it's effective top-level domain (dev) plus the single label to the left (web.). Any sub-domains under that are still controlled by the web.dev site, e.g. images.web.dev or thumbnails.images.web.dev for example. Because a server can just create arbitrary numbers of sub-domains, they have no meaning in terms to separating the data sent to that domain from the browser.
The term "eTLD+1" is often used as well, which means effective top-level domain + 1 label to the left. The reason for "effective" in that definition is where the Public Suffix List comes in. That's what allows the separation of sites on hosting services like GitHub sites or Google App Engine.
So, for example com is a TLD. That means a.com, b.com, and c.com are all separate sites because each of those domain names must be registered separately. However, sub1.a.com, sub2.a.com, and sub3.a.com can all be created arbitrarily by that domain without any registration.
However, github.io is an effective TLD because it hosts lots of separate projects, therefore a.github.io, b.github.io, and c.github.io are all separately registered projects. However (if it was allowed by the platform) sub1.a.github.io and sub2.a.github.io are part of the same project.
You can see the definitions here:
