Indeed. Microsoft uses various file formats and packaging that we don't. If Linux distribution X were doing UEFI bootloader signing, I expect they might seek the "convenience" of wrapping things up in a deb, or an rpm, or similar container. And the similar "convenience" of using "this set of tools that everyone knows every Linux person has and always uses...". So, similarly, that they use CABs and so on isn't surprising. In fact, in the Microsoft world, that sounds pretty clean and neat as part of their process. They probably have decades worth of tools internally that can handle those.
I'm also not surprised they disallow the GPLv3. That revision of the GPL was specifically crafted to make cryptographic signing of bits difficult - the so called "anti-tivolization" provisions, and so on. I think GPLv3 is an overreach and goes too far, but that's my personal opinion. However, many corporations have also been very reluctant to even touch it (see the re-implementations of GPLv3 stuff in the embedded space as an example of where this is going over time). I expect someone in Microsoft legal blanketly put the brakes on going anywhere near it out of a fear of what might happen.