Does this mean that I canโt use any permission with a signature protection level, so all permissions defined in the Android API and having this level of protection are not available to everyone except the team that is developing it?
Generally speaking, yes.
In particular, the signature -level permission means that the application protects itself with this permission (for example, through the android:permission attributes), and the application tries to talk to the first application that needs permission (the <uses-permission> element) must be signed by one and the same same signature key.
If the application protecting itself is part of the firmware of the device or the OS itself, only applications signed with the same signature key, since this firmware can talk to the protecting application, while holding this permission.
However, if you write application A that protects itself with signature permission (for example, user-defined), and you write application B that wants to talk to the protected parts of application A, you can do this if you sign applications A and application B with using the same signature key.
CommonsWare
source share