By default, Gatekeeper only requires signing with an Apple-issued developer certificate, not distribution through the App Store, and even then only affects applications downloaded from the Internet through a Web browser or other application that intentionally sets specific extended attributes on downloaded files. Which, unless it wants to trigger these warnings, Steam would never do.

Unless I'm mistaken, (non-ARM) Windows works the same way, except Microsoft relies on third-party CAs to issue code-signing certificates (and, pedantically, NTFS calls extended attributes "alternative data streams").