Technically, a developer can contact vendors to include their keys to Secure Boot, but that would require asking all of them and them responding positively. So, in practice, it is commonly Microsoft that controls it since obviously just about any vendor will support their signatures.