For input-addressed derivation outputs, the critical thing that has to be trusted is the content of the output path, so it is the part that has to be signed when fetching from a binary cache.

However, for content-addressed derivation outputs, the content can be checked using the store path (as the store path is essentially a hash of its content).
However the link between the symbolic derivation output (drvPath, outputName) and the output store path has to be trusted, so we should sign it on binary caches and allow checking this signature locally like we do for the narinfos.