We also have the same problem, building the app with an Azure DevOps pipeline, using manual signing. We've set three .mobileprovision profiles (for main app, watch kit and watchkitextension).
Main app is correctly signed, but the watchOS app is signed as com.apple.WK.
The error in the Azure DevOps logs is:
*** Error: Asset validation failed Invalid Code Signature Identifier. The identifier "com.apple.WK" in your code signature for "My app" must match its Bundle Identifier "com.organization.organization-MyApp.watchkitapp"
It's frustrating to see the same error not being solved for more than 3 years.