None of the devs have built such a tool yet because we trust ourselves. It is simple to implement in the toolkit right now but then you either have to strip it down until it's small enough to audit (the hard part) or you'd just be trusting us anyway.
No one is questioning you. However I prefer to sign on a machine that is offline. Produce the signature there. Then transfer via USB and then import it. This is the safest.
Even if your software is trusted most people's machines aren't!
With AGS not being liquid this is a big deal.
And I beg you to add this to the code it is relatively easy to do. And should have been the default way to import keys in the toolkit.
Going forward this is a must for BTS DACs