How can we sandbox our development machines?

Developers need ways to safely run untrusted code without risking machine security. Current options include dev containers, Nix sandboxes, and Docker/Podman solutions, but an ideal system would allow granular permission control over filesystem access, network capabilities, and environment variables. Such sandboxing would enable safer testing of new packages, handling sensitive data, and contributing to projects without exposing personal secrets.