Arch has a page where they list their trusted users. Manjaro does not such a list - I know this forum has a list of all admins and moderators (which can be seen as developers) and there is a page with the Manjaro Team.
Can the latter be seen as a trusted user list - users who are able to sign/package all packages and ISOs? Or are there additional humans (not listed)?
BTW I love that you have a central place for everything (the Gitlab instance) and you try to be transparent as possible