Not from a security point of view, but if you want to make sure you get the content you want, validation makes sense. After all, escaped script tags don’t look great on the frontend.
You could use regex validation, for example to make sure that editors do not enter any script tags.
Probably yes.
Note that you might not want to escape all content in textarea fields or prevent tags in general through validation. There may be cases where you want to allow HTML tags or even script tags.
Users with Panel access can in general do more harm than adding scripts in text files. Depending on their rights, they can just delete anything or write content that hurts the company, so why should they bother with XSS attacks?
The bigger problem are certainly people who get access to the Panel or your server without having legitimate rights to be there.
See also this post: Safety aspects of kirby (compared to...) - #3 by bastianallgeier