The proper way to verify an APK is to get the fingerprint of the certificate from a trusted source (preferably one that isn't published where the APK is hosted so you mitigate the risk of a single point of failure). Then, with apksigner (instructions to install may depend on your OS), run:
apksigner verify --print-certs --verbose my_app.apk
Then proceed to compare the fingerprints.
Modern APKs should use a proper signature scheme and they don't work with legacy tools such as GPG. It's true that F-Droid additionally signs them this way but this doesn't mean that's a useful thing. In fact, GPG would be a clearly inferior solution because it suffers from numerous issues.
There might be third-party apps to do that directly from your phone but I can't vouch for any at the moment. Also it could be something GrapheneOS might look into in the future, so stay tuned.
As you may already know, Android pins the certificate upon the first installation of an app, and enforces a signature check for app updates, so you should only bother doing that for first app installs.
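The "compare the fingerprints" step above can be scripted so that formatting differences (colons, upper/lower case) or a look-alike digest line don't cause a wrong call. This is an added example, not part of the original post; the function names and the sample output are constructed, and it assumes a single expected signer and apksigner's `Signer #N certificate SHA-256 digest:` line format.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes apksigner prints
# "Signer #N certificate SHA-256 digest: <hex>" and that one signer is expected.

# Constructed sample of `apksigner verify --print-certs` output (fake digests).
SAMPLE_OUTPUT='Verifies
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Signer #1 certificate DN: CN=Example
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
Signer #1 public key SHA-256 digest: fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210'

# Strip colons/whitespace and lowercase, so "AB:CD" and "abcd" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:upper:]' '[:lower:]'
}

# Print only certificate SHA-256 digests (not SHA-1, not public-key digests).
extract_sha256() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *\([0-9A-Fa-f]*\).*$/\1/p'
}

# check_apk_output EXPECTED_FP   (apksigner output on stdin)
# Returns 0 only if exactly one signer is listed and its digest matches.
check_apk_output() {
    expected=$(normalize_fp "$1")
    case "$expected" in
        ''|*[!0-9a-f]*) echo "expected fingerprint is not hex" >&2; return 2 ;;
    esac
    # SHA-256 is 64 hex characters; a truncated value must not be accepted.
    [ "${#expected}" -eq 64 ] || { echo "expected fingerprint is not 64 hex chars" >&2; return 2; }
    digests=$(extract_sha256)
    count=$(printf '%s\n' "$digests" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 signer, found $count" >&2; return 1; }
    [ "$(normalize_fp "$digests")" = "$expected" ] || { echo "MISMATCH: do not install" >&2; return 1; }
    echo "OK: signer certificate matches the trusted fingerprint"
}

# verify_apk APK EXPECTED_FP: run apksigner, fail if it does not verify,
# then compare the certificate digest.
verify_apk() {
    out=$(apksigner verify --print-certs --verbose "$1") || { echo "apksigner: APK does not verify" >&2; return 1; }
    printf '%s\n' "$out" | check_apk_output "$2"
}
```

Call it as `verify_apk my_app.apk "<fingerprint from the trusted source>"`; a non-zero exit status means the APK should not be installed.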