I did read your proposal, but my comment can be framed in the context of your tl;dr:
You had to be motivated, afterwards it looks horribly long ;-)
You don't really seem to want GPG signatures, just a whitelist of package maintainers by name. Any AUR helper could implement support for this today, with no changes to the AUR.
Of course, this is a working solution and can be implemented right away. But it has not the same meaning. Maintainer's name gives me the information that I am installing a package that claims to be provided by this maintainer, or uploaded with this maintainer account. GPG signatures will add the certitude that I'm installing the same package as the maintainer wrote in person. I admit this is not happening really often, but in some case like an AUR website weakness, an usurpation of maintainer's identity or the intrusion of a government in "the internet", this will offer more certitude into the packages (like for official ones). I can live with the current situation without problem, but IMHO, offering the possibility to provide GPG signed packages would be a great plus in the future. Regards, ++ Fabien