Also, extending this further, instead of new ioctl flags over to translate a tidfd one might introduce later for thread targetted signals (which would still be a pidfd in the struct pid terms, but with a bit set in its reference to target the selected TID in particular), you could resolve this neatly to the proc entry of the task itself, which would be subject to restrictions similar to a regular open call, minus all the races involved. This also means you can get rid of having to support the /proc/<PID> dir fd in pidfd_send_signal, because there is no incentive to, any longer. The kernel now has just one pidfd object, well scoped in its purpose, and this "feature" is tied to procfs itself, disabling which takes away the feature as well. Otherwise, the ioctl will be conditionally available and/or work only when procfs is present, and you'd tie procfs to pidfds eternally as ABI.
