Signing an unsigned apt repository is about three gpg commands though. I don't see how this kind of thing requires a whole separate product.

Yeah, solving this locally for one repository definitely isn't that hard at all. Most of the features we're building become useful when you're trying to build CI integrations for a larger team while also complying with enterprise security requirements (e.g. audit logging, HSM key protections, etc.).