QubesOS had the right idea. You want layers and layers of security, with multiple VMs at the root.

Devcontainers (I know it's not a full VM, but it's most prominent version of this "isolated development environment" concept) wouldn't fully protect you against this. Github credentials are automatically pulled into the container. If you are using other cloud services that need to be accessed within the container, this cred stealer will grab their creds too.

It would limit the blast radius, which at least is an improvement.

it's not going to help if you share a cache across security boundaries. That is what happened here and seems to be driving a spate of github action related problems.

Or a vm per container, if you insist on containers. I've have a couple of relaxed weeks recently due to running everything on VMs rather than some random Kubernetes service.

Luckily, projects using more secure language ecosystems like C and C++ are spared this kind of problems :-)