What’s the point of providing file signatures for verifying downloads?

Many projects offering binaries, also offer checksums (e.g. SHA256) of those binaries, e.g. as ASC files. This isn’t to protect against network-caused corruption, as that’s ensured by the TCP protocol.

Given that the binary and the .ASC file are downloaded from the same server (example from very sensitive software), what attack scenarios does this technique prevent?

If an attacker managed to tamper with the binary, why wouldn’t they tamper the signatures in the same way? Same for the attacker performing MITM and tampering the download in transit.

I can imagine that a separate, secret, monitoring bot hosted on a completely different system, could download the signature file every minute (given its tiny size) and check it against tampering, but I haven’t heard of this being done.