Can someone please clarify the behaviours below from a security point of view:
Please note, the application will be distributed outside the App Store.
The Gatekeeper security policy only applies to "downloaded" files. When some apps (e.g. Safari, Mail, Messages, etc.) download a file, they apply a com.apple.quarantine extended attribute to the file, marking it as being in quarantine because it was downloaded from an untrusted source. When you open the file, several quarantine-based security policies are applied, including the Gatekeeper policy.
If the file was never placed in quarantine because it was not "downloaded", the Gatekeeper policy will not be applied. Note that copying files via USB disks, AFP or SMB file sharing, etc. does not apply the quarantine attribute (see this Apple.SE question).
If you want to test the quarantine behavior, you can create your own com.apple.quarantine attribute with either of the procedures described here.
If the disk image is quarantined, the quarantine will be applied to its contents and running the app will apply the Gatekeeper policy. If the disk image is not quarantined, Gatekeeper will not activate.
Under older versions of OS X (through 10.11), signing the disk image is irrelevant. If the disk image is quarantined, the app contained in it will be as well, and so the app must be signed to run.
[UPDATE] Starting in macOS Sierra (10.12), signing the disk image is sometimes required in addition to signing the app. The details are complicated, so for simplicity's sake I'll just recommend signing your disk images. But be sure to do the signing under 10.11.5 or later; that's when Apple added the ability to embed a signature in a disk image in a way that won't be lost when it's downloaded.
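Added example, not part of the original answers: a small Python check to run on a test Mac that reports whether a disk image or app carries com.apple.quarantine, and so whether the Gatekeeper policy described above will be applied when it is opened. It reads the attribute with the macOS `xattr -p` command; the value layout `flags;timestamp;agent;event-id` (hex flags, hex epoch seconds) is an assumption based on commonly observed values, and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report whether a file is quarantined and decode the attribute value."""
import subprocess
import sys
from datetime import datetime, timezone

ATTR = "com.apple.quarantine"


def parse_quarantine(value):
    """Decode 'flags;timestamp;agent;event-id' (assumed layout) into a dict."""
    parts = value.strip().split(";")
    if len(parts) < 2 or not parts[0]:
        raise ValueError(f"unexpected {ATTR} value: {value!r}")
    parts += [""] * (4 - len(parts))  # trailing fields may be missing
    flags, stamp, agent, event_id = parts[:4]
    when = None
    if stamp:
        # Timestamp is hexadecimal seconds since the Unix epoch.
        when = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
    return {
        "flags": int(flags, 16),
        "downloaded": when,
        "agent": agent or None,        # app that applied the quarantine
        "event_id": event_id or None,
    }


def read_quarantine(path):
    """Return the raw attribute value, or None if the file is not quarantined."""
    proc = subprocess.run(["xattr", "-p", ATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def describe(path, raw):
    """One-line verdict following the rule stated in the answer above."""
    if raw is None:
        return f"{path}: not quarantined, Gatekeeper policy will not be applied"
    q = parse_quarantine(raw)
    return (f"{path}: quarantined by {q['agent']} at {q['downloaded']}, "
            f"flags=0x{q['flags']:04x}, Gatekeeper policy applies on open")


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(describe(target, read_quarantine(target)))
```

Run it against both the downloaded disk image and the app inside it after mounting, to confirm the quarantine was carried over to the contents.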