So if Google doesn't like the app in question (such as ReVanced, NewPipe, etc), they can simply target that signing key to completely disable the app on all devices, even if it's not distributed by them.

Having the file signed by a relatively centralized authority makes it much easier for Google to gain control outside of their realm.