Hacker News
by icebraining 4076 days ago
Sure you can. Android itself just doesn't do it for you, but the F-Droid installer could very well verify the APK before installing it.
2 comments

Verifying signing keys is one thing, but even better, f-droid.org can verify that the APK builds 100% from source, and that the APK f-droid.org builds matches the developer's official released APK: https://f-droid.org/wiki/page/Deterministic,_Reproducible_Bu...
No doubt. But it's pretty funny that Google refuses to add a few lines of code to do it via the OS installer.
What would the OS check the signature against, though? The certs that come with the OS are for validating sites, not apps, so passing a check wouldn't tell you much. It seems that Android would have to add a whole new cert store (and mechanism for adding certs), not just a couple of lines.
That's not true at all. CA and leaf certs have extensions and policies and can be used for any particular purpose. All the cert verification has to do is check for the code signing extension / policy.
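The last two comments argue about what an installer would check a signature against and whether the OS's TLS CA bundle is usable for it. Below is an added example (not code from F-Droid, Android or any of the commenters) of the check an installer could do in a few lines: the trust anchor is a set of certificate fingerprints the installer already knows (the developer's published key, or the key seen on first install) rather than the TLS CA store, the certificate's extendedKeyUsage must carry id-kp-codeSigning, and only then is the signature over the package verified. It assumes the `cryptography` package and uses a detached PKCS#1 v1.5 RSA signature over the whole file as a stand-in; real APK signing (JAR signing / APK Signature Scheme v2+) wraps the same checks in a different container. All keys, certificates and package bytes are generated or constructed inside the script.

```python
"""Installer-side checks for a code-signing certificate and a detached signature.

Added example, not F-Droid's or Android's own code. Assumes the `cryptography`
package; the package bytes and the developer/web-server certs are constructed
test data, not a real APK or real keys."""
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID


def make_self_signed_cert(eku_oids, common_name="example developer"):
    """Throwaway RSA key plus a self-signed cert carrying the given
    Extended Key Usage OIDs (constructed test data, not a real developer key)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.ExtendedKeyUsage(list(eku_oids)), critical=False)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def sign_package(key, package_bytes):
    """Detached signature over the package contents (PKCS#1 v1.5, SHA-256)."""
    return key.sign(package_bytes, padding.PKCS1v15(), hashes.SHA256())


def _validity_window(cert):
    # cryptography >= 42 exposes tz-aware *_utc properties; older versions only
    # have naive UTC datetimes, so normalise both forms to aware UTC.
    start = getattr(cert, "not_valid_before_utc", None)
    if start is not None:
        return start, cert.not_valid_after_utc
    utc = datetime.timezone.utc
    return (cert.not_valid_before.replace(tzinfo=utc),
            cert.not_valid_after.replace(tzinfo=utc))


def verify_package(cert, package_bytes, signature, trusted_fingerprints):
    """Return (ok, reason). The trust anchor is a set of SHA-256 certificate
    fingerprints the installer already knows, not the OS's TLS CA bundle."""
    if cert.fingerprint(hashes.SHA256()) not in trusted_fingerprints:
        return False, "certificate is not a known developer key"
    start, end = _validity_window(cert)
    now = datetime.datetime.now(datetime.timezone.utc)
    if not (start <= now <= end):
        return False, "certificate outside its validity period"
    # The extendedKeyUsage extension states what the cert may be used for.
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return False, "no extendedKeyUsage extension"
    if ExtendedKeyUsageOID.CODE_SIGNING not in eku:
        return False, "certificate is not marked for code signing"
    try:
        cert.public_key().verify(signature, package_bytes,
                                 padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False, "signature does not match package contents"
    return True, "ok"


def demo():
    """The cases an installer has to get right, as a dict of (ok, reason)."""
    package = b"PK\x03\x04 constructed stand-in for an APK"  # constructed data
    dev_key, dev_cert = make_self_signed_cert([ExtendedKeyUsageOID.CODE_SIGNING])
    trusted = {dev_cert.fingerprint(hashes.SHA256())}
    sig = sign_package(dev_key, package)
    results = {
        "genuine": verify_package(dev_cert, package, sig, trusted),
        "tampered": verify_package(dev_cert, package + b"\x00", sig, trusted),
    }
    # A web-server style cert has the wrong purpose: it must be rejected even
    # when it is trusted and its signature over the package is valid.
    web_key, web_cert = make_self_signed_cert([ExtendedKeyUsageOID.SERVER_AUTH],
                                              "www.example.com")
    web_sig = sign_package(web_key, package)
    web_fp = web_cert.fingerprint(hashes.SHA256())
    results["wrong_eku"] = verify_package(web_cert, package, web_sig, trusted | {web_fp})
    results["unknown_key"] = verify_package(web_cert, package, web_sig, trusted)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} {'PASS' if ok else 'FAIL'}: {reason}")
```

Run it directly to see the four cases: a genuine package passes, a tampered one fails the signature check, a trusted but server-auth certificate is refused on its EKU before the signature is even examined, and an unknown key is refused on the fingerprint set. The order of the checks matters: deciding whether the key is one you trust, and whether it is permitted to sign code, costs nothing and happens before any cryptographic work on attacker-supplied bytes.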