

Why write off iCloud? Just turn on the advanced data protection feature for end to end encryption.
If you want to self host, while I’m not familiar with Goodnotes I bet you could write a simple Apple shortcut to take those files to a storage provider like nextcloud then just automate that shortcut to run daily, weekly, whatever.
Self signed certs still have to abide. It’s the browser that checks it not the issuer. Now granted in most cases you already get a non trusted warning that most sysadmins skip…