This is presumably fine for an initial install, as long as it auto-configures correctly via DHCP.
However, if you ever have issues and need a rescue image, you'd need to figure out how to do something like the OP, and do it while learning how to do it for the first time rather than having had a practice run when you first installed it.
Nice! I didn't know about miniroot*.img. It's actually just bsd.rd, boot, MBR+PBR, and bootx64.efi. Nothing that can't be safely overwritten while the ramdisk kernel is running.
Pardon my potential ignorance, but as someone that usually does the right thing security-wise, is there really much of an advantage to signify(1) and Sha256 if we are pulling the key and hash over the same HTTPS connection as what we are about to verify? It is not like with sysupgrade(8) where we have a trusted key already on disk.
However, if you ever have issues and need a rescue image, you'd need to figure out how to do something like the OP, and do it while learning how to do it for the first time rather than having had a practice run when you first installed it.