Github doesn't do any signing at all nor do they rally care about the actual output of actions, pipelines or manual releases (all of that is out of their interest scope).
If there's any means of a 'secret store' for the build actions then you could store a keypair for signing the binaries as far as your target binary format and platforms support it (or go for something like a detached gpg-signature that can be stored with the build or in a central 'trusted' repository so the binary can be verified against it later).
You users however would still have no easy means to verify that signature on most platforms unless they are tech-savvy. (macOS code signing / notarization and gatekeeper check would be an example of a platform that would notify users and even fail to run the binary if it was tampered with).
That's a good point though the port is also needed to pair an iPhone or iPad to a Mac/PC (the famous 'Trust This Device' screen can only be triggered if a device tries to access the phones data via USB) which is required to do any backups / music or picture syncs in the first place. ,nd it's also necessary if youre a developer as - even at USB2.0 speeds that people complain about here - it is still faster to test and debug applications than via wireless.