If Signal is end to end encrypted (or even just encrypted to a server that has no backdoors) then observing the network traffic towards that server (which is what the compromised VPN would do) wouldn’t help. This is how even “basic” HTTPS remains secure against malicious attackers.