I suppose the main reason is that signing is a manual process and plugins are being built more often than core releases. Perhaps something worth exploring is whether automatic signing would bring some value while it was easy to set up.
This is a very old issue (Bug #4788: Plugin rpms not signed - Packaging - Foreman). It can probably be done with a separate key from the manual signing but I can’t promise anything. IMHO it’s important as well for Katello since that relies on the plugin repo. The fact that it’s GPG signed but a dependent repo isn’t makes signing it useless.