This is the service for signing the third kind of add-ons. Not the system add-on and not AMO, but those in between. It was decided that the certificate would be the same as with system add-ons, but it would have a different OU=. This would enable Firefox to distinguish them in the add-ons manager, which is required by bug 1336576, and we'll need to re-sign a bunch of the internal add-ons as noted in bug 1340295.
Do you have a deadline for this effort? It ties into Autograph 2.0 which is actively being implemented: https://github.com/mozilla-services/autograph/pull/46
Firefox 57 goes to Nightly in June. We'd like to re-sign all the internal add-ons in bug 1340295 and test out the code for 57 before then. Perhaps a stopgap solution to get us moving on that would be needed so we can do end-to-end testing.
Given that bug 1371825 and bug 1371824 are now working, I would call this done.