Thanks for the help. I will definitely take that advise into account.

I heard about the sandboxing being especially sketchy, thanks for a point in the right direction for mitigation.

Additionally, any thoughts on snap? (presently looking into Flatpak)

Functionally, it is very similar to Flatpak. The main reason people do not like it (for reasons independent of sandboxed applications in general) is that Canonical controls the store and that it is not open-sourced, and that it is very difficult to remove it on Ubuntu setups (a major pain-point for people who need an unsandboxed Firefox setup).

I wouldn't use snap or Flatpak, just sandbox using bwrap or firejail. They are really easy to use.

Containers also provide good development sandboxing. With distrobox you can run many distributions inside your own within a clean and isolated environment.

Just use flatpak. Let's not steer newbies towards barely maintained untested bespoke solutions.

Flatpak uses bwrap, it's not esoteric folklore software. The OP asked a serious question and they're entitled to a serious answer.