Their process for extension signing has sped up significantly in the last month or two, and I’m not sure if they ever added extra links to this info before you submit an addon, but you can actually find the automatic checker they use for pre-screening addons and use it to get its warnings out of the way before submitting at all. There was an easy docker container to pull to use it the last time I looked.
Note that it doesn’t just flag security issues, but also warns about some things known to hurt performance.
Sometimes you are asked to submit an export of your source repo if you have something bundling or transpiling code.
Now if it only required/enabled “restartless” extensions…