like_escape() only escapes % and _ characters. The entire function looks like this:
function like_escape($text) {
return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
}
Quoting from the Codex, esc_attr()
Encodes the <, >, &, ” and ‘ (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.
Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc.
(Emphasis mine.)
Further reading: Data Validation
Edited to add — I didn’t address the first part of the question: If WP_User_Query does its own data validation, then do we really need to use esc_attr() at all?
The Codex page for WP_User_Query doesn’t seem to say one way or the other whether any data validation is done. (Searching the page for valid and escape turns up nothing, as well.) This, combined with a note from the esc_attr() page — “Will never double encode entities” — indicates to me that there’s no harm in using esc_attr() on the values you’re passing. Better safe than sorry, especially with untrusted user-provided data, right?