Presumably because how would it differentiate between a legit "already installed" extension with a signature that cannot be verified, and an extension installed by malware that also cannot be verified?
We have a technical method to do so, but the site has not been created, that I know of. For example:
* A domain name like ipfs://nytimesmirror.com that mirrors nytimes articles (at the same relative URLs)
* Some kind of crowdsourced process for content curation.
I'm aware that it's not legal, but I wouldn't be against it. Content piracy has been a catalyst for change. I simultaneously would be willing to pay nytimes for access to their content but I'm not willing to sign up to a $15 / month subscription. So if their content was widely pirated using delivery method like IPFS they might be incentivized to problem solve that for me.