Kleopatra should forbid adding sign-only keys to groups. And it should be made clear that groups are meant to be used for encryption by changing the wording from "groups" to "encryption groups" where appropriate. If a group with sign-only keys is imported, then the user shall be informed. Groups with sign-only keys shall be marked in the group dialog as invalid and it should not be possible to export such groups.
Rationale: Kleopatra's certificate groups are meant to be used for simplifying encrypting to a group of certificates. Currently, it's possible to add sign-only certificates to groups. This renders those groups unusable for encryption which is a usability problem. The users won't know why some group doesn't work as intended.
A secondary use case for groups is defining aliases for single keys. Forbidding sign-only keys in groups will prevent defining an alias for a sign-only key. We think this is acceptable because people can configure such an alias in their gpg.conf using gpg's group option.
Edit 2024-02-15: Changed "sign-only keys" to "non-encryption keys" in title because this applies to any keys that cannot be used for encryption.