Sure, why not? I put it after the checkout to make sure that we are checking the files that are actually included. But if you also include check-manifest, that shouldn't be a problem. Maybe I should depend on check-manifest and include it as a test?
Well, yes, but not much more. However, since that metadata usually depends on several files, such as README.txt etc, they need to be included in the package. If they are not, running pyroma locally will work, but the package will be broken.
The aim of pyroma is to check that the package is properly packaged. As such it also checks that you have more than one owner on PyPI, if you use it to check a PyPI package.