Flatpak Security Question | Signing And Key Management

I have read the Flatpak docs and GPG signing the app is mentioned during the
build process, but I would like to clarify a few security questions.

When a user downloads a Flatpak app from a remote like Flathub, which
signing keys are verified? Is there a single signing key for all Flathub
(or other remote) apps, or are the Flatpak app builders/developers in
control by signing their apps individually (and the Flatpak application
verifies the developer keys)?

In other words, if I download Brave from Flathub, can I be
cryptographically sure that it came from the Brave developers, or could
Flathub MITM the software distribution by turning into a malicious actor
or through a hacking attack?

Personally I would say that the process should include signing by the
developers so that Flathub cannot act as a malicious entity, and at the
same time Flathub signs the developer keys to whitelist them and reduce phishing
attacks. This would be the perfect signing infrastructure as I understand
it. Is that how it is?

Thanks for your time. If you don’t understand my question, please ask again.

A single signing key is used for all applications, so users can’t verify the authenticity of applications. This consequently prevents me from publishing my application on Flathub.

I wrote about some of my findings here: Flatpak app · Issue #47 · feather-wallet/feather · GitHub
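The practical check that follows from the answer above is to look at what a Flatpak client actually trusts for a remote: the `GPGKey` field of the `.flatpakrepo` file (a base64-encoded binary OpenPGP keyring) and the `gpg-verify` / `gpg-verify-summary` settings of the corresponding `[remote "..."]` section in the OSTree repo config (for a user installation, `~/.local/share/flatpak/repo/config`). There is one such field per remote and none per application, which is the single-key model the reply describes. The script below is an added example written for this page; it is not code from either poster, from Flathub or from the Flatpak project. Both input files are constructed samples embedded inline (the key is a syntactically valid but meaningless Ed25519 public-key packet, not a real Flathub key), and the repo names, URLs and function names are assumptions.

```python
"""Inspect which OpenPGP key(s) a Flatpak remote trusts.

Added example, not part of the original thread or of the Flatpak project.
Assumptions: `.flatpakrepo` carries the keyring base64-encoded in `GPGKey`;
the OSTree repo config uses `[remote "<name>"]` sections with `gpg-verify`.
"""
import base64
import configparser
import hashlib
import struct


def _constructed_keyblob() -> bytes:
    """Build a minimal binary OpenPGP keyring: one v4 public-key packet
    (tag 6, EdDSA/Ed25519 with an all-zero point) and one user-ID packet
    (tag 13). Constructed test data only; it is not a usable key."""
    body = bytes([4]) + struct.pack(">I", 0) + bytes([22])        # v4, ctime, algo 22
    body += bytes([9]) + bytes.fromhex("2b06010401da470f01")      # Ed25519 curve OID
    body += struct.pack(">H", 263) + bytes([0x40]) + bytes(32)    # MPI: 0x40 || point
    pubkey_pkt = bytes([0x98, len(body)]) + body                  # old-format CTB, tag 6
    uid = b"Example Remote Signing Key <noreply@example.invalid>"
    uid_pkt = bytes([0xB4, len(uid)]) + uid                       # old-format CTB, tag 13
    return pubkey_pkt + uid_pkt


# Constructed sample .flatpakrepo (the kind of file `flatpak remote-add` consumes).
SAMPLE_FLATPAKREPO = f"""[Flatpak Repo]
Title=Example Hub
Url=https://repo.example.invalid/repo/
Homepage=https://example.invalid
GPGKey={base64.b64encode(_constructed_keyblob()).decode()}
"""

# Constructed sample OSTree repo config with one verified and one unverified remote.
SAMPLE_OSTREE_CONFIG = """[core]
repo_version=1
mode=bare-user-only

[remote "example-hub"]
url=https://repo.example.invalid/repo/
gpg-verify=true
gpg-verify-summary=true
xa.title=Example Hub

[remote "untrusted-mirror"]
url=https://mirror.example.invalid/repo/
gpg-verify=false
"""


def openpgp_packets(blob: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP stream.
    Handles old- and new-format headers with 1/2/4-byte lengths; partial
    body lengths do not occur in exported public keyrings and are rejected."""
    i = 0
    while i < len(blob):
        ctb = blob[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                                   # new-format header
            tag = ctb & 0x3F
            first = blob[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + blob[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", blob[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths unsupported")
        else:                                            # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 0:
                length = blob[i]
                i += 1
            elif ltype == 1:
                length = struct.unpack(">H", blob[i:i + 2])[0]
                i += 2
            elif ltype == 2:
                length = struct.unpack(">I", blob[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("indeterminate length unsupported")
        yield tag, blob[i:i + length]
        i += length


def v4_fingerprint(key_body: bytes) -> str:
    """OpenPGP v4 fingerprint: SHA-1 over 0x99 || 2-byte length || key body."""
    if key_body[0] != 4:
        raise ValueError("only v4 keys are supported")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def inspect_flatpakrepo(text: str) -> dict:
    """Return the remote's title, URL and the primary-key fingerprints and
    user IDs found in its GPGKey field. Every commit from this remote is
    checked against exactly these keys; there is no per-app field."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["Flatpak Repo"]
    packets = list(openpgp_packets(base64.b64decode(sec["GPGKey"])))
    return {
        "title": sec.get("Title"),
        "url": sec.get("Url"),
        "fingerprints": [v4_fingerprint(b) for t, b in packets if t == 6],
        "user_ids": [b.decode("utf-8", "replace") for t, b in packets if t == 13],
    }


def remotes_without_gpg_verify(config_text: str) -> list:
    """List remotes in an OSTree repo config whose commits are not GPG-verified."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    unverified = []
    for section in cp.sections():
        if section.startswith('remote "') and section.endswith('"'):
            name = section[len('remote "'):-1]
            if not cp.getboolean(section, "gpg-verify", fallback=False):
                unverified.append(name)
    return unverified


if __name__ == "__main__":
    info = inspect_flatpakrepo(SAMPLE_FLATPAKREPO)
    print(f"{info['title']} ({info['url']}) trusts {len(info['fingerprints'])} primary key(s):")
    for fp, uid in zip(info["fingerprints"], info["user_ids"]):
        print(f"  {fp}  {uid}")
    print("remotes with gpg-verify disabled:", remotes_without_gpg_verify(SAMPLE_OSTREE_CONFIG))
```

To run this against a real installation, feed `inspect_flatpakrepo` the contents of a downloaded `.flatpakrepo` file and `remotes_without_gpg_verify` the contents of the repo `config` file; whatever the fingerprint printed is, that single key (plus any others in the same keyring) is the whole trust anchor for every application served by that remote.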