Can a forged Microsoft Authenticode signature or a custom catalog signature allow a Password Filter DLL to bypass Additional LSA Protection?

No, neither a forged Authenticode signature nor a custom catalog signature added to the system's security catalog database can bypass Additional LSA Protection. The protection specifically requires a legitimate WHQL-certified catalog signature (not an Authenticode signature) for any DLL loaded into LSA. As noted in the article Configure Additional LSA Protection to monitor Password Filter DLL, even if the DLL has a valid Authenticode signature, it will still be flagged by the Code Integrity check and logged as Event 3066.