Through web3 transactions, the private key is used to sign the initiated transaction to verify the transaction information and prove the owner of the address.
But in the transfer method in the smart contract erc721, I did not see the code related to the signature
Does this mean that as long as I have the address I can make the transaction directly without the need for the private key to sign
Each smart contract method is executed after it's been verified (by miners/validators) that the transaction has been signed with a private key corresponding to its sender address.
In other words, you don't need to perform any private key validation in your smart contract - it's been done on a lower layer.
Does this mean that as long as I have the address I can make the transaction directly without the need for the private key to sign
You always need the private key to sign a transaction. Emulators used for development (such as Ganache, Hardhat, JS VM in Remix IDE, ...) usually hold the private keys and sign the transactions for you so the signing process might be sometimes hidden, but a valid transaction always needs to be signed with a correct private key.