Security with building AOSP from source

This video inspired me to follow the AOSP Docs to build AOSP from scratch. I heard that I lose some security compared to AOSP forks like CalyxOS because what I build myself hasn’t been signed and is considered a ‘development/userdebug build’. Is that true? If it is true, how do I sign the build?

I might be completely wrong with my knowledge here; I haven’t built Android before.