
Well, ideally I would like the OS solving this problem by simply chrooting/sandboxing apps to their own little worlds, with a proper API giving them optionally a way to the user's file system, similarly to android and iOS.


That is possible on Linux [0], but this kind of separation comes with its own can of worms. However, if your only worry is access to folders, Flatpak applications keep all of their data in a folder away from your home directory and use "portals" to access your system [1]. The security of the sandbox is debatable [2], but I would say if your biggest goal is containing non-malicious but badly behaving applications from messing with your system, then it's a very good solution, given you are comfortable with using Flathub (as most distributions won't build Flatpaks) and with the performance/integration impact this distribution method has.

[0]: https://docs.flatpak.org/en/latest/basic-concepts.html

[1]: https://docs.flatpak.org/en/latest/sandbox-permissions.html

[2]: https://flatkill.org/2020/
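One practical way to check whether a Flatpak app's sandbox actually relies on portals, as opposed to static filesystem grants that need no prompt, is to read the `filesystems=` key that `flatpak info --show-permissions APP` prints. The script below is an added example, not code from the commenter above or from the Flatpak project: it parses a constructed metadata sample (the app id `org.example.Editor` and its permissions are made up for illustration) and flags entries such as `host`, `home` or absolute/`~` paths, which bypass the portal model entirely.

```shell
#!/bin/sh
# Added example, not from the HN thread or the Flatpak project.
# Inspects the [Context] section of a Flatpak app's metadata (the format
# printed by `flatpak info --show-permissions APP`) and flags static
# filesystem grants that give access without any portal prompt.

# Constructed sample of a broadly-permissioned app (hypothetical app id).
SAMPLE_METADATA='[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=host;xdg-download;~/.ssh:ro;
'

# Read metadata on stdin; print each filesystems= entry from [Context],
# one per line (entries are ";"-separated, trailing ";" ignored).
list_filesystems() {
    awk -F= '
        /^\[/ { in_ctx = ($0 == "[Context]") }
        in_ctx && $1 == "filesystems" {
            n = split($2, a, ";")
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }'
}

# Read metadata on stdin; print the entries that grant broad static access.
# Broad = host, host-os, host-etc, home, or any absolute/~ path, with the
# optional :ro/:rw/:create suffix stripped before matching. Read-only
# access to ~/.ssh is still a data-exfiltration path, so :ro is not exempt.
risky_filesystems() {
    list_filesystems | awk '
        {
            entry = $0
            sub(/:(ro|rw|create)$/, "", entry)
            if (entry ~ /^(host|host-os|host-etc|home)$/ || entry ~ /^(\/|~)/)
                print entry
        }'
}

# Stand-alone demo: report the offending grants for the sample.
printf '%s' "$SAMPLE_METADATA" | risky_filesystems
```

On a real system you would pipe `flatpak info --show-permissions org.example.Editor` (the app id being whatever you are auditing) into `risky_filesystems`, and then drop an unwanted grant per user with `flatpak override --user --nofilesystem=host org.example.Editor`, leaving only portal-mediated file access. Bear in mind that this only audits the static grants; an app with `host` removed can still reach files the user explicitly picks through a portal dialog, which is the intended model.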


…and macOS. Sandboxed Mac apps get their own little home directory in `~/Library/Containers/`. To access anything else, they need to ask through system APIs.



