GUI apps often come in Flatpak[1] these days - which are sandboxed[2] like you are expecting. Flathub[3] is the primary place to get GUI apps, but many distros also have their own app store too.

Flatseal[4] is a GUI that allows you to mange the sandboxes/permissions. You can also manage them via cli if you prefer.

For CLI apps, you can use distrobox[5] or toolbx[6].

[1] https://flatpak.org/

[2] https://docs.flatpak.org/en/latest/basic-concepts.html#sandb...

[3] https://flathub.org/en

[4] https://flathub.org/en/apps/com.github.tchx84.Flatseal

[5] https://distrobox.it/

[6] https://containertoolbx.org/

> On a smartphone at least I can easily assign permissions to each app.

Those permission categories are so coarse grained as to be useless. In order to pause a media player when a call comes in I have to give the media player access to the phone app. Pure madness.

Flatpak gives you a lot of permission controls for GUI apps and you can similarly sandbox a lot of CLI tools with toolbx or distrobox.