I think one of the most compelling reasons of using ssh for signatures is the possibilies of ssh-agent and especially agent-forwarding which allow for incredibly portable workflows like ssh to a ci/build host/container to sign some production binary/container/tag.
Please note that these come with their own pitfalls and precautions you'll need to take to ensure your key's safety!
If you consider agent forwarding i'd recommend use of "ssh-add -c" to have your agent at least confirm every use of your private key. Generally for private key security i'd always use a hardware token. Modern yubikeys are really easy to use and you can even enable touch policy instead of the agent confirmation. The UX for this is still a bit lacking in the tooling though.
Please note that these come with their own pitfalls and precautions you'll need to take to ensure your key's safety!
If you consider agent forwarding i'd recommend use of "ssh-add -c" to have your agent at least confirm every use of your private key. Generally for private key security i'd always use a hardware token. Modern yubikeys are really easy to use and you can even enable touch policy instead of the agent confirmation. The UX for this is still a bit lacking in the tooling though.