I understand that Provisioning Enclave (PvE) is a special enclave. Please clarify the following questions.
To find out answer of these questions, I advise that you can read the source code of PSW. All the achitecture build-in enclaves are inside the PSW package.
Architectural enclaves are loaded by the aesm service "when needed". That means PvE is loaded during the EPID join process, QE is loaded the first time you request a quote etc.
Architectural enclaves are signed by a special Intel key that is privileged (CPU/microcode checks the signature and only allows enclaves signed with this key to be privileged). Documentation mentions possibility for custom Launch Enclaves (not signed by Intel), but this currently is not possible as far as I know.