I don't think containers are enough especially for the security side of things.

Imo microvm's+ dev containers seem like a good fit though

Totally, devcontainers are fantastic! In this agent sandboxing space there's also Leash, which in addition to Docker/Orbstack/Podman provides a sophisticated macOS-native system extension mode - https://github.com/strongdm/leash