
In my opinion, it's not a good idea to use (symmetric/asymmetric) keys as Additional Authentication Data (AAD) in GCM as AAD is only authenticated but not encrypted. The key will be protected from modification but will not be confidential anymore. Is my understanding correct? (But maybe using a public key as AAD would be okay?)

Another side question is: could the output of GCM, the authentication tag, be referred to as a digest?

kelalaka
HY Lin

1 Answer

Yes, we don't send the keys directly. One must keep the keys secret, all the time!

Instead, we send the key with a public-key cryptosystem like RSA-KEM, or better, apply key agreement like the Diffie-Hellman Key Exchange (DHKE), preferably its Elliptic Curve version (ECDH). If you are looking for existing libraries, look at libsodium or the age library for good implementations.

AAD is not meant to be secret; rather, it is open and can be a part of the protocol, like the record number, etc. It is additional information incorporated into the authentication tag calculation. Thus any change in AAD will be detected.

A digest commonly refers to a keyless hash; GHASH, on the other hand, uses a 128-bit key to derive the authentication tag. If you insist, you can use it as a keyed hash function, too. But rather prefer HMAC instead of GHASH.

kelalaka
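The two properties the answer relies on (AAD is bound into the tag, so any change is detected, but it never enters the ciphertext) can be checked directly with Go's standard-library AES-GCM. The program below is an added example, not code from the question, the answer or any library they mention; the key, plaintext and AAD values are constructed for the demo, and the all-zero nonce in `compareAAD` exists only so that two seals are comparable (a real sender never reuses a nonce under one key).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed 16-byte demo key (AES-128). In practice the key arrives via a
// KEM or ECDH as the answer describes, never as a literal in source.
var demoKey = []byte("0123456789abcdef")

// newGCM builds an AES-GCM AEAD for the given key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and binds aad into the 16-byte tag.
// Output layout: nonce || ciphertext || tag. The aad itself is NOT part of
// the output: the receiver must already hold it (e.g. a cleartext record header).
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal. Any change to nonce, ciphertext, tag or aad makes the
// tag check fail and gcm.Open returns an error instead of plaintext.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, rest := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, rest, aad)
}

// compareAAD seals the same plaintext twice under the same (all-zero, demo-only)
// nonce with two different AADs and reports whether the ciphertext parts and
// the tag parts agree. Since AAD feeds only the GHASH computation, the
// ciphertexts are identical while the tags differ.
func compareAAD(key, plaintext, aad1, aad2 []byte) (sameCiphertext, sameTag bool, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return false, false, err
	}
	nonce := make([]byte, gcm.NonceSize()) // zero nonce: illustration only
	out1 := gcm.Seal(nil, nonce, plaintext, aad1)
	out2 := gcm.Seal(nil, nonce, plaintext, aad2)
	tagLen := gcm.Overhead()
	ct1, tag1 := out1[:len(out1)-tagLen], out1[len(out1)-tagLen:]
	ct2, tag2 := out2[:len(out2)-tagLen], out2[len(out2)-tagLen:]
	return bytes.Equal(ct1, ct2), bytes.Equal(tag1, tag2), nil
}

func main() {
	plaintext := []byte("payload for record 7") // constructed
	aad := []byte("record=7")                   // constructed cleartext header
	sealed, err := seal(demoKey, plaintext, aad)
	if err != nil {
		panic(err)
	}
	if _, err := open(demoKey, sealed, []byte("record=8")); err != nil {
		fmt.Println("modified AAD rejected:", err)
	}
	sameCT, sameTag, _ := compareAAD(demoKey, plaintext, aad, []byte("record=8"))
	fmt.Printf("same ciphertext: %v, same tag: %v\n", sameCT, sameTag)
}
```

Because the AAD has to be supplied in the clear to `open`, whatever is placed there is readable by anyone who sees the message; that is exactly why a secret key does not belong in it, while an identifier such as a record number or a public key is a natural fit.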