Snaps are pretty terrible IMO, so I usually end up bootstrapping a custom Ubuntu image without snap for this reason (and others) for my cloud images. Definitely not general purpose though.
Go to the snap site and try to find a security section that describes how snap packages are signed. You won't be able to find it because it doesn't exist, and they don't highlight their own security vulnerabilities.
What I can cite is how this should work, for example, how apt signs all packages by default.