I agree that there are legitimate reasons for these permissions, I just don't think they match up with everyone's use case for the product. This is why they should be split into plugins.
Example of how the UX for this works:
1. User chooses "attach photo."
2. If user has not installed the plugin, Signal gives them an informational prompt and a button that opens the app store link.
3. User clicks the button to go to the app store.
4. User clicks "install." Application is installed (should be quick, small app)
5. User can now attach photos from external storage.
Steps 2-4 are short and occur only one time. You would not want this kind of extra friction in a true mass market app, but I'd argue that Signal is not and never will be mass-market. (We can hope, but it's not likely.) Signal's target users, on the other hand, would be likely to appreciate this extra focus on security and user control.
I think in more recent Androids an app can defer obtaining the permission and then fail to perform the action if it was not granted. I've had a few programs do this (specifically ask permission to access external storage only when attempted) and was pretty happy with the experience.
That would be poor design. Are you saying that the Signal team would not be capable of implementing a more effective path? Other applications have followed this approach before; it's not rocket science.
If that was their intent, then yes, that would be an issue. The key is good UX; don't send the user there without explanation. A well-designed "read this!" screen is key, and even then you will lose some users. It's a trade-off.
Also, I did acknowledge that this approach will turn away "mass market" users, but again, I don't think that those users will ever be Signal's primary user base. Most people are going to use stock apps or whatever is most heavily marketed (read: whoever spends the most dollars on acquiring users). Signal frankly can't afford to buy its way into the mass market. It's a niche app, and it should focus on catering to that niche.
Example of how the UX for this works:
1. User chooses "attach photo."
2. If user has not installed the plugin, Signal gives them an informational prompt and a button that opens the app store link.
3. User clicks the button to go to the app store.
4. User clicks "install." Application is installed (should be quick, small app)
5. User can now attach photos from external storage.
Steps 2-4 are short and occur only one time. You would not want this kind of extra friction in a true mass market app, but I'd argue that Signal is not and never will be mass-market. (We can hope, but it's not likely.) Signal's target users, on the other hand, would be likely to appreciate this extra focus on security and user control.