I’m going to second @anon57862721 in saying that, first and foremost, the answer to your question is “it depends”. What is your threat model? What tradeoffs are you willing to make?
I am a Fedora Atomic user and in most cases, if there isn’t a verified Flatpak, I just use the recommended installation method from the developers. I also use toolbox for command-line utilities sometimes, but most of what I use in that department I just compile and install myself.
If you’re going to install Signal desktop, I would suggest doing so in some sort of Debian container/VM since that is the only officially supported desktop platform. That being said, I’m also of the camp that prefers avoiding Signal desktop entirely in favor of strict mobile use. (Related: Is Signal Desktop considered safe to use?)
For Steam, I suggest looking up games you play in your search engine with something to the effect of “<game> flatpak issue”. If your threat model affords you the possibility of using the non-Flatpak version of Steam, you might find this preferable if there are any particular discrepancies in how you like to play your games (for example, modding Stardew Valley is (was?) different between Flatpak and non-Flatpak. Though it should be possible on either, I had a very hard time with getting it to work with the Flatpak version… which ultimately led to me switching off of it).
You very well might have issues regardless, to be fair. I recently had multiplayer in Stardew Valley completely unusable because of a glibc update fixing a security issue that was being misused by… quite a lot of programs, from what I hear. (See: Linux - Galaxy API not loading with glibc 2.41 | Stardew Valley Forums)
Again, it depends on your threat model, but if you aren’t at particular risk of targeted attacks, I think you’re probably best off doing whatever “just works” in this situation. I think if you’re in a situation that really warrants running steam in a container you might be better off rebasing to secureblue (which provides commands to install steam and restrict flatpak permissions for you - very user friendly IMO).
Beyond your threat model, another question to consider: you identify yourself as a “linux newbie” and “not that much tech-savvy” - that’s perfectly fine, but the question is, are you interested in changing that? Identifying yourself as such might bias answers towards “easy” at the cost of “effective”. If you’re willing to face some challenges and learn a few things, though, it might change the advice people have to offer. It also might not! Just something to consider.