This is the first time I've ever heard of someone keeping private source-line-attached notes in a codebase. I work with very large codebases, but if I discover things about the codebase that required spelunking, I generally turn them into comments or documentation.
Of the requirements that you've laid out, I'd suggest that you need to either relax requirement 2 or 3:
If you relax requirement 2, you could keep your notes in a private fork.
If you relax requirement 3, and make your notes suitable for public consumption, you could submit your notes as comments and make the codebase easier for everyone to understand. (Or, at least, you could submit some of your comments, making the remainder easier to maintain privately.)
You wouldn't even need to relax requirement 2 too much, rebasing your commented fork on the trunk would actually help you keep your comments up to date.
Of the requirements that you've laid out, I'd suggest that you need to either relax requirement 2 or 3:
If you relax requirement 2, you could keep your notes in a private fork.
If you relax requirement 3, and make your notes suitable for public consumption, you could submit your notes as comments and make the codebase easier for everyone to understand. (Or, at least, you could submit some of your comments, making the remainder easier to maintain privately.)