> What is the convincing reason that MicroSlop is the trusted party to sign the shim with their (presumably NSA-blessed key)?

For OEMs, presumably the stranglehold they have on them via Windows. For users, not much, but none of the ones making these decisions really care about that.