You can try to enable signature in mavlink 2.0 first. I personally did not test SHA256 hash performance but i will not surprise if that slow the processor down, and, as more bits needs to be transferred over air, you may suffer larger probability of packets loss. I do not think current main stream processor has hardware acceleration for that. If you try to use a different processor then you need to port the PX4 stack to that processor.
The other aspect will be to find a radio channel with robust encryption support like AES/RSA, etc., cipher. Again as more information needs to be exchanged you will experience more chance of link broken or packet loss, which, basically ask you to use more complicated channel coding scheme to reduce that effect.
All these i do not think are available in open source space and needs to be explored other than simple insertion of one or more components to accomplish a pro solution.