This is a V3 initiative for a New Security Model. https://wiki.mozilla.org/FirefoxOS/New_security_model
This Meta Bug is for tracking the "Verifying signatures" implementation, a sub-component of the bigger New Security Model project: https://wiki.mozilla.org/FirefoxOS/New_security_model#Verifying_signatures
To load a webpage in a signed package, the user navigates to a URL like "https://website.com/RSSReader2000/package.pak!//index.html". The part before the "!//" is the URL to the package itself. The part after the "!//" is the resource path inside the package.
So loading signed content does not require an installation to happen. Simply navigating to a URL like the above is enough.
When the user navigates to such a page, Gecko will download the package from the webserver. Gecko will then see in the header of the package that the package is signed.
Before serving any resources from the package to the rest of Gecko, the network layer will first wait for the signatures to be loaded from the package. It will also verify that the resource that is currently being loaded is covered by, and matches, the signature.
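The load path described above, as an added Node.js sketch that is not Gecko's code and not the package format from the wiki. The JSON manifest of SHA-256 digests, the Ed25519 signature, and every function name are assumptions made for illustration, and the sample package is constructed.

```javascript
// Added illustration, not Gecko code. Manifest layout and Ed25519 are assumptions.
const crypto = require("node:crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Split "<package URL>!//<resource path>" at the first "!//".
function splitPackageUrl(url) {
  const i = url.indexOf("!//");
  if (i < 0) return null; // not a packaged-resource URL
  return { packageUrl: url.slice(0, i), resourcePath: url.slice(i + 3) };
}

// Serve a resource only after the manifest signature verifies, the path is
// listed in the manifest (covered), and the bytes hash to the listed digest.
function loadVerified(pkg, resourcePath, publicKey) {
  if (!pkg.manifest || !pkg.signature) throw new Error("signatures not loaded yet");
  if (!crypto.verify(null, Buffer.from(pkg.manifest), publicKey, pkg.signature))
    throw new Error("manifest signature invalid");
  const digests = JSON.parse(pkg.manifest);
  if (!Object.prototype.hasOwnProperty.call(digests, resourcePath))
    throw new Error("resource not covered by signature");
  const body = pkg.files[resourcePath];
  if (body === undefined || sha256(body) !== digests[resourcePath])
    throw new Error("resource does not match signature");
  return body;
}

// Constructed sample package, signed with a throwaway key pair.
function buildSamplePackage() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const files = {
    "index.html": Buffer.from("<h1>RSSReader2000</h1>"),
    "extra.js": Buffer.from("/* present in the package, absent from the manifest */"),
  };
  const manifest = JSON.stringify({ "index.html": sha256(files["index.html"]) });
  const signature = crypto.sign(null, Buffer.from(manifest), privateKey);
  return { publicKey, pkg: { files, manifest, signature } };
}

// Returns "ok" or the refusal reason instead of throwing, for easy inspection.
function tryLoad(pkg, resourcePath, publicKey) {
  try { loadVerified(pkg, resourcePath, publicKey); return "ok"; }
  catch (e) { return e.message; }
}
```

The refusal cases are the point: a file that ships in the package but is not listed in the signed manifest is rejected just like a file whose bytes were altered.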