Probably a big ask, but could you find out why one is not allowed to add one's own root cert to FF and sign an addon oneself, instead of being forced to use an ESR/develop/nightly version and set xpinstall.signatures.required to false, significantly reducing one's security?
And, when a self-signed certificate is in use, the browser should show a prominent icon of self-configured security.