Made some odd progress when working on this myself. I have a SPM with a XCFramework as a binary target. I decided to go off the beaten path and manually sign it anyways even though it's a local binary rather than remote binary. Dyld made it past the linker phase, recognized the checksum generated by Swift per the docs, and failed with the following output in the console.
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/usr/lib/system/introspection
DYLD_INSERT_LIBRARIES=/Developer/usr/lib/libBacktraceRecording.dylib:/Developer/usr/lib/libMainThreadChecker.dylib:/Developer/Library/PrivateFrameworks/DTDDISupport.framework/libViewDebuggerSupport.dylib
Why it died while loading the debugger library I have no earthly idea. My dependency is nested in a dynamic library so I'm interested as to the outcome manually signing a local binary will have for anyone else. It's not hard to override. Show the package in finder from Xcode. Zip your binary. Follow the docs instructions on deriving the checksum for a remote binary. Unlock the Package.swift file, add the checksum field to the binary target as though it's remote. Clean, build, run. It makes it past the checksum and fails at loading the debugger for me. Hopefully for others it does not.
Obviously this is not an ideal outcome but I'm searching for a workaround because I would very much like to kill the last of my Carthage dependencies in favor of a SPM dependency graph.