Hi Mark, as stated above, for a third-party snap store to have all the security features that snapd offers, snapd needs to be patched to allow custom signing authority.
Would the snapd team take patches to allow that ? If so what mechanism would that be, can the signing authority be picked from environment variable (there are security implications). Maybe snapd could have some sort of “developer mode”, which, if enabled, allows setting custom signing authority.
Here is how we patched snapd Custom assertion possible? to add our custom signing authority.