It’s very close to the existing PKI ecosystem for TLS: the CA is presented with a possession proof for the locally held private key, and mints a signing certificate for it.
There is no singular “root certificate”: there’s a trust root for the CA, a separate root for the transparency log, etc.
Nope. The private key is generated within the client each time a signing event occurs, and that's what is used to sign the artifact. It doesn't come from the certificate.
The certificate just binds the public key to the identity at a given point in time, in a public way. This certificate is generated every time you sign something, and is put in the transparency log.
For how this works specifically with CPython, see https://www.python.org/download/sigstore/ for details.
For how this works generally: it's the same public/private key cryptography you're used to elsewhere, and https://docs.sigstore.dev/ has more details.
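The flow described in the comments above (fresh key per signing event, possession proof to the CA, short-lived certificate binding key to identity), as an added Go sketch that is not from the thread and is not Sigstore's code. `mintCert`, `signOnce` and `verify` are hypothetical names; Ed25519, the 10-minute validity, the local stand-in CA and passing the signing time as a parameter (no transparency log) are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mintCert is a stand-in CA (hypothetical): check the possession proof, then bind key to identity for 10 minutes.
func mintCert(caKey ed25519.PrivateKey, pub ed25519.PublicKey, id string, proof []byte, now time.Time) ([]byte, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(id), proof) {
		return nil, fmt.Errorf("possession proof rejected for %q", id)
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(1), EmailAddresses: []string{id},
		NotBefore: now, NotAfter: now.Add(10 * time.Minute), KeyUsage: x509.KeyUsageDigitalSignature}
	return x509.CreateCertificate(rand.Reader, leaf, &x509.Certificate{Subject: pkix.Name{CommonName: "example CA"}}, pub, caKey)
}

// signOnce is the client: a fresh key pair per signing event, out of scope once it returns. Callers must check err.
func signOnce(caKey ed25519.PrivateKey, id string, artifact []byte, now time.Time) (certDER, sig []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	proof := ed25519.Sign(priv, []byte(id)) // shows the CA that the requester holds priv
	certDER, err = mintCert(caKey, pub, id, proof, now)
	return certDER, ed25519.Sign(priv, artifact), err
}

// verify uses public material only: CA public key, certificate, signature, and the time of signing.
func verify(caPub ed25519.PublicKey, certDER, artifact, sig []byte, signedAt time.Time) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	leafPub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(caPub, cert.RawTBSCertificate, cert.Signature) && // issued by this CA
		!signedAt.Before(cert.NotBefore) && !signedAt.After(cert.NotAfter) && // signed while the cert was valid
		ed25519.Verify(leafPub, artifact, sig) // artifact signed by the certified key
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // constructed CA key pair
	cert, sig, _ := signOnce(caKey, "dev@example.com", []byte("artifact"), time.Now())
	fmt.Println("verified:", verify(caPub, cert, []byte("artifact"), sig, time.Now()))
}
```

A signature checked against a time after the certificate's ten minutes fails in `verify`, which is why a verifier needs a trustworthy record of when the signing happened.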