If Apple/Google want to backdoor Signal they can do so, they can also backdoor your device in this case the signature check is irrelevant if you consider them an adversary.

If you build your own using the source code then signing sourcecode effectively is near impossible since any change to it would require it to be resigned and even copy paste will likely to break the signature since now you are dependant on the encoding (ASCII/ANSI/UTF8/UTF6) and how your text editor handles spaces and tabs...

If you sign source code files you also somewhat defy the purpose of open source which is having the code be inspectable and if you do build from open source repos you either trust the repo (github in this case) and the repo is your adversary you should either not take any code from it at all or inspect every line of it manually.

Signing anything can be irrelevant or it can be critical it all depends on what are your threats and who are your adversaries.

In this case if you trust Apple/Google not to backdoor applications or your device; signature beyond what is offered by their platform is irrelevant; in any case since the signature verification is on the device if they are your adversaries there is little you can do about it since they can backdoor the verification procedure or your device in it's entirety meaning that you can't trust it.

If you trust Github and OWS you can trust the source code; you know that the source code hasn't been tampered with in transit because you pull it via HTTPS and you can review the source code and any pull and merge requests, if you don't trust Github or OWS you have to resort to manual code inspection or not use Signal at all; again signing the code offers little to no security and in effect can lead to back practices such as blind trust rather than manual verification.