I’m new to GRAV and relatively new to web dev in general too.
I’ve just seen this in the documentation and I’m wondering how does this work?
How does it protect me from spam bots?
And is this enough or should I combine it with other protection measures?
That is one of the less points in the documentation without a explanation. Maybe because its pretty obvious for you, but not for me. 
If we open our hymnals to an earlier page, we find a better description of the filter: https://learn.getgrav.org/16/themes/twig-filters-functions#safe-email. Specifically: {{ "someone@domain.com"|safe_email }} yields someone@domain.com. For naive bots, that scour the net for public e-mail addresses, this will not be picked up. If you want to protect it further, you’ll probably want to use a contact form.