Ah yeah, true, getting just the signed XPI should work as well.
And well, it is tricky. The signing requirement allows them to block malicious add-ons, which could also be used for state censorship.
I think, offering a separate path for people to install unsigned extensions, if they need it, while blocking them for the majority and therefore making them inviable for malware to target, that's in principle a smart compromise.
Also, side-note: Folks who are on Linux likely don't need to install a separate version of Firefox. Linux distros tend to compile with the unsigned extension support enabled (just need to toggle the flag in about:config).