Quantizing is much safer. Adding random noise is useless because one can just average multiple samples.
If you want to be extra safe, quantize the user's lat/lon before computing the distance, and then quantize the distance again.
(Quantizing only the distance can theoretically allow an attacker to travel in one direction until they see the transition from one bucket to the other which would tell them exactly when they are precisely 10 miles from the target.)
Yeah, it's important to put a lot of thought into it if users can query often like this. Removing more information generally won't hurt most use cases a ton, so it's better to err on the side of caution with good quantization as you note suggest here.
If you want to be extra safe, quantize the user's lat/lon before computing the distance, and then quantize the distance again.
(Quantizing only the distance can theoretically allow an attacker to travel in one direction until they see the transition from one bucket to the other which would tell them exactly when they are precisely 10 miles from the target.)