Not sure if your post was satire, but isn’t everything you mentioned doable with apt already? Signal already has an official apt repo so all you need to do is the standard apt upgrade and everything including signal would be updated.
The problem with that is now you've given a 3rd party power to update your system in any way that they want. Which is fine when it's just signal but less ideal when it's 20-30 randomish companies of varying degrees of trustworthiness. The point behind flatpaks et. al. is sandboxing applications so that they can be safely updated automatically.
I don't use apt but I think you can use the pinning feature in apt and only allow the Signal application from Signal's repo. It doesn't solve all problems since they could add dependencies from other repos, but at least it is partly stops them from adding their own dependencies in their repo.
