I think the app will be a sys app
Yes, that would probably be best.
The app should be signed with the ROM key (obtained from manufacturer) so it could install APKs bypassing Android secuity (not sure if it's enough though).
The only way for an app to be a system app is to sign it with the system key. I expect the carrier (not manufacturer unless they're the same/working very close together) will not give it to you. Generally what happens is that you give them the unsigned APK and they sign it on their side before deploying.
The app will have Install_apk authorisation (among others).
I assume you mean INSTALL_PACKAGES
. Only for silent installs. Otherwise you don't need this permission.
The app will call pm install package (so it'll display the package authorisations) .. not sure about this too.
I expect not. This related question might help you. You'll want to just open the APK in the general installation case as you want the user to see the normal installation dialog.
How about pakages updates ??
What about them? Also, this is somewhere you might want silent installs, but you don't want to do it blindly.
Finally I'll send the app to the manufacturer to include it in the ROM.
Sure.
Is it feasible? Sure, plenty of other people do it. If you want anything more, you'll have to be more specific.