Is there any reason to run mail software on my web server?

You need the mail server so that your local processes (like logwatch) can send mail. However, you can configure the mail server to only listen on 127.0.0.1, not on all networks, and that means that outsiders can't use it. That will reduce your "attack surface" (good term, by the way, I've never heard it before).

The usual answer for part 3 of your question is to put in an alias in /etc/aliases or wherever your chosen mail server keeps its alias file. By default, those files usually alias a whole bunch of things (like "webmaster" and "bin") to root, and then at the end of all those, you put in another alias that aliases root to you.


You need some kind of MTA on your box, because most services don't know how to talk to a remote SMTP server and rely on sendmail(1).

On the other hand, you don't need a full-fledged MTA like sendmail or postfix. You can use, for example, nullmailer or ssmtp (available as packages on Ubuntu), which don't implement the SMTP-listening part.

This minimal MTA in turn should be configured to relay your email via your ISP's mail gateway.
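
An added example, not part of either answer above: a shell check for the two points the answers make, that no SMTP listener is bound outside the loopback address and that root's mail is aliased to a real recipient. The sample `ss -ltn` output and aliases content are constructed, and the function names and the choice of ports 25, 465 and 587 are assumptions of this example.

```shell
#!/bin/sh
# Reads `ss -ltn` output on stdin and prints every mail listener
# (ports 25, 465, 587) that is NOT bound to a loopback address.
# Empty output means nothing is exposed: either the MTA listens on
# 127.0.0.1 / [::1] only, or it has no listener at all (nullmailer, ssmtp).
exposed_smtp_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4                              # e.g. 0.0.0.0:25 or [::1]:25
        port = addr; sub(/.*:/, "", port)      # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
        if (port != "25" && port != "465" && port != "587") next
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Reads an aliases file on stdin and prints where root's mail is sent.
# Empty output means root is not aliased and the mail stays on the box.
root_alias() {
    awk -F: 'tolower($1) ~ /^[ \t]*root[ \t]*$/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit
    }'
}

# Constructed sample input (not taken from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      100    [::1]:25           [::]:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    [::]:587           [::]:*'

SAMPLE_ALIASES='# constructed sample aliases file
postmaster: root
webmaster: root
bin: root
root: admin@example.com'

echo "Exposed mail listeners in the sample:"
printf '%s\n' "$SAMPLE_SS" | exposed_smtp_listeners
echo "root's mail in the sample goes to:"
printf '%s\n' "$SAMPLE_ALIASES" | root_alias

# On a live host:
#   ss -ltn | exposed_smtp_listeners
#   root_alias < /etc/aliases
```

On a real server, any line printed by `exposed_smtp_listeners` is a listener that outsiders can reach unless a firewall blocks it.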