Why limit it to few tools from a tool registry when running in a full sandbox using QEMU or thinner like Podman/Docker literally takes 10 lines of code? You can still use your real files with a mount point to a directory.

To be clear I'm not implying any of that is useful but if you do want to go down that path then why not actually do it?