Sigstore maintainer here. I'll try to answer questions!
Are there plans to integrate it with something like Crev[0] for tying trusted code/security reviews to the binary artefacts?
I suppose the people you trust to audit some code will likely not be the same people you trust to do build verification for you, but it might be nice to manage those trust relationships in a single UI/config.