I don't believe this is a good solution: users will obviously click on that add-on install dialog box without being better informed and protected against malicious / buggy / attacker controlled web sites.
Hopefully they will move to a better solution that offers some integrity guarantees instead, like https://rwc26.waict.dev/ that they have an early implementation of in nightly builds.
Hopefully they will move to a better solution that offers some integrity guarantees instead, like https://rwc26.waict.dev/ that they have an early implementation of in nightly builds.