by kelnos 1605 days ago
No, all they can provide to law enforcement is the time that you created your account, and the last time you connected to Signal's servers. That's it.
1 comments

That's what they claim to store (and I believe it), but that's not all they can be forced to collect.

As a simple example, they could easily log whenever account xyz connects to do a token exchange for using sealed sender. Asking that of Signal won't be something I'd expect a judge would consider excessive if there is a legitimate reason.

Yes, at the limit (not sure if US laws have caught up to Australian ones in this regard) they could potentially be forced to push an app update to carbon-copy all messages from specific people at the client side, unencrypted, to the government. This is generally why people care about having the app available on F-Droid, because you can more easily analyse DIY "supply chain security" on your own copy of the app. The other solution is what Matrix does, which is to encourage people to develop many different client implementations.

Good point. It's unclear to me how much a government could require Signal to do for future use of the service. Regulated telecoms are required to provide lawful intercept capabilities for phone calls. I'm actually surprised that the government hasn't argued against E2E encryption on those grounds.