You can still verify their email address for password resets. You send the link with the email address to the alias and Apple forwards it to the user.
But the whole purpose of using SSO is that you are not responsible for passwords - the IDP is. You should just be able to store the user id.
Besides, why use any third party identity provider if you are still managing passwords? You said that you needed an email address to send a password reset link.
Correct but irrelevant. For aiding the registration of legit users, verifying an email address is beneficial as a way for them to ensure they are able to recover their password.
Why do you need to help them recover their password if you’re using a third party?