logtools doesn't sign things currently, but it's planned for the near future.
All your objections to the signing key apply equally to the systemd signing key. In all cases the key needs to be around locally so that it can be used to sign new logs, and if the attacker can get access to it, they can delete the existing log and fabricate a new one.
Yes, the hash needs to be sent off the machine, but it's a lot less data to send than sending every log.
logtools was created as a response to systemd claiming that its hash chains made their logging tamperproof. Unlike the systemd announcements, logtools calls out the weakness in this (that the entire logfile can be recreated unless the hash is sent off the machine).
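The point about sending the hash off the machine, shown as an added example that is not part of the original comment and is not logtools or systemd code. It uses a generic SHA-256 hash chain (an assumed format, with hypothetical function names and constructed log lines): a logfile regenerated from scratch passes the local consistency check and fails only against the head hash that was recorded elsewhere.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the chain


def build_log(lines):
    """Store each line with its chain hash, as a local chained logfile would."""
    out, h = [], GENESIS
    for line in lines:
        h = hashlib.sha256(h + line.encode("utf-8")).digest()
        out.append((line, h.hex()))
    return out


def verify_local(log):
    """Internal consistency only: every stored hash matches the recomputed chain."""
    h = GENESIS
    for line, stored in log:
        h = hashlib.sha256(h + line.encode("utf-8")).digest()
        if h.hex() != stored:
            return False
    return True


def verify_anchored(log, anchor_hex, anchor_count):
    """Check the log against a head hash recorded off the machine.

    anchor_hex is the chain hash after anchor_count entries, as stored remotely.
    Entries appended after the anchor are allowed; earlier ones must be unchanged.
    """
    if anchor_count < 1 or len(log) < anchor_count or not verify_local(log):
        return False
    return log[anchor_count - 1][1] == anchor_hex


# Constructed sample entries, not real log data.
ORIGINAL = ["sshd: accepted key for alice",
            "sudo: alice ran /bin/sh",
            "cron: job 17 started"]
original_log = build_log(ORIGINAL)
anchor = original_log[-1][1]  # the only value that has to leave the machine

# The whole file regenerated with one entry replaced: the chain is rebuilt,
# so every stored hash is again consistent with its predecessor.
rewritten_log = build_log([ORIGINAL[0], "sudo: alice ran /bin/ls", ORIGINAL[2]])

# Legitimate growth after the anchor was taken.
extended_log = build_log(ORIGINAL + ["cron: job 17 finished"])
```
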