Score:1

Public key fingerprint verification for large groups

dk flag

If you were designing:

  • An open source client that offered E2E encryption for e.g. folder sharing between users
  • Each user had public keys for signing (and separate public keys for encryption of symmetric keys etc, but this is not what the question is about).
  • The service is extra cautious by default (wanting to be extra secure) and only allows users to share if they have manually verified their other contact's public signing key fingerprint.
  • A server provides a way to download each contact's stored public keys so they can generate a SHA-2 fingerprint of the public signing key for verification and also facilitate sharing.

For sharing between two participants this is OK: people can manually verify fingerprints of the public keys they download from the server and locally store some setting of the fingerprint verification in the client, so they don't need to do it again.

Where it gets unwieldy is if you need to verify 3 contacts in the folder share: each person needs to manually verify every other person, resulting in 6 verifications (owner/creator A->B, A->C, B->A, B->C, C->A, C->B) if they all want to be verified. All share add/edit/delete modifications are signed by each user (to know who did what), and this also makes sure there's no ability for a MITM to occur. It gets worse if you want to share with 5 contacts, 10+, etc.

Main question: Is there any research or best practice for having everyone in the share be verified to each other, without everyone having to verify everyone else manually?

E.g. is some kind of delegation downwards acceptable? Consider that if even one person does not verify properly, then the whole share could be compromised, so if the share owner/creator does not verify properly then the security is also compromised. So why doesn't the share owner verify their contacts and pass along those fingerprints (signed) to the other share holders? This eliminates the third-party verification requirements for B->C and C->B; they can get that verification from the share owner. Then everyone only needs to verify with the share owner.

Or is a kind of facilitated web of trust (just for this service) better? E.g. any time someone manually verifies, they append a signature to the public key of the contact as proof that they verified. Later on, other third-party users in a share might see that the public key of a contact in the share has 20+ signatures attached and (using a custom threshold) decide that they accept that.

Are there any more options?

Score:-1
au flag

One potential solution to reducing the number of manual verifications required in a multi-person folder share could be to implement a trust network or web of trust. In this system, users would have the option to "trust" other users, indicating that they have verified the public signing key of the user they are trusting. This trust could then be propagated to other users in the network, so that if User A trusts User B, and User B trusts User C, User A could automatically trust User C as well without having to manually verify their public signing key.

Another option could be to implement a hierarchical verification system, where the share owner/creator verifies the public signing keys of all participants in the share, and then passes along this information to the other participants. This would eliminate the need for each participant to manually verify the keys of every other participant in the share.

Ultimately, the best approach will depend on the specific needs and requirements of the client and the users of the service. It may be helpful to conduct user research and testing to determine the most effective and user-friendly approach to key verification in a multi-person folder share.
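The owner-delegated scheme raised in the question and in the answer's second paragraph, as an added example that is not code from this thread: the owner signs an attestation of each member's fingerprint after verifying it out of band, and a member who has manually verified only the owner's key can then accept the other members' keys. It uses Ed25519 from Go's standard library; the share and member names are constructed, and the fingerprint is SHA-256 over the raw public key as the question describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Fingerprint is the SHA-256 of the raw public signing key (the question's SHA-2 fingerprint).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Attestation is the owner's signed statement "in share S, member M's signing-key fingerprint is F".
type Attestation struct {
	Share, Member, Fingerprint string
	Sig                        []byte
}

// attestMsg binds share, member and fingerprint together with a version tag and NUL separators,
// so an attestation cannot be replayed for another member or another share.
func attestMsg(share, member, fp string) []byte {
	return []byte(fmt.Sprintf("share-attest-v1\x00%s\x00%s\x00%s", share, member, fp))
}

// Attest is run by the owner only after manually verifying memberPub's fingerprint out of band.
func Attest(ownerPriv ed25519.PrivateKey, share, member string, memberPub ed25519.PublicKey) Attestation {
	fp := Fingerprint(memberPub)
	return Attestation{share, member, fp, ed25519.Sign(ownerPriv, attestMsg(share, member, fp))}
}

// Accept is run by a member who has manually verified ownerPub. It accepts candidatePub
// (as downloaded from the server) for a.Member only if the owner attested exactly that fingerprint.
func Accept(ownerPub ed25519.PublicKey, a Attestation, candidatePub ed25519.PublicKey) bool {
	if a.Fingerprint != Fingerprint(candidatePub) {
		return false // the server handed us a different key than the one the owner verified
	}
	return ed25519.Verify(ownerPub, attestMsg(a.Share, a.Member, a.Fingerprint), a.Sig)
}

func main() {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	cPub, _, _ := ed25519.GenerateKey(rand.Reader)    // C's real signing key
	mitmPub, _, _ := ed25519.GenerateKey(rand.Reader) // a substituted key served in C's place
	att := Attest(ownerPriv, "share-42", "C", cPub)  // constructed share and member names
	fmt.Println("B accepts C's real key:", Accept(ownerPub, att, cPub))       // true
	fmt.Println("B accepts substituted key:", Accept(ownerPub, att, mitmPub)) // false
}
```

With this, B and C each verify only the owner's fingerprint by hand; the trade-off the question notes still holds, since a careless owner attests a wrong key for everyone.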
