I'm not familiar with lineageOS but with GrapheneOS any off the apps don't have privileged permissions this includes the Google play services. Google play services works like a normal app via Sandboxed Google play compatibility layer. The layer teaches the play services work like a normal app in standard app sandbox. Because of that, the check of side loaded apps whether or not have been verified by a ID via privileged GSM services are not possible. https://grapheneos.org/features#sandboxed-google-play