In line with the PG's recommendations, what should be the minimum requirements for a secure Arch Linux installation?

That repo looks more maintained than the apparmor-profiles by the looks of it. :+1:

They use confinement for system processes under the targeted policy, while user processes are not, which is more or less the same.

The Firefox snap also does not interfere with the User Namespaces sandbox, and therefore it is set to true under about:support. See Does Flatpak weaken Chromium/Firefox's sandbox? With Chrome it’s less of an issue because of Zygote’s spawn strategy.

With Flatpaks you can modify the sandbox permissions, or use something like Flatseal. Snap has interfaces, which are similar.

Flatpak also doesn’t block too many syscalls and it seems these are hardcoded. Snap attempts to generate filters for snaps that have Strict confinement.

A manual Bubblewrap policy outside of Snap or Flatpak is probably the most secure option (but also most difficult) as you can expressly set what seccomp filters you want, better than Firejail anyway.

What I do mostly for ease is use the distributor’s package for Firefox/Chromium, as I consider it secure enough, and where I particularly care I containerize the app, i.e. with podman, which can take a seccomp filter list.

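As an added example of the podman approach mentioned above (not code from the thread or from any poster), here is a denylist-style OCI seccomp profile and the `podman run` invocation that loads it. The image name `localhost/browser:latest` is a placeholder, and `unshare`/`clone` are deliberately left allowed so the browser's own user-namespace sandbox keeps working.

```shell
#!/bin/sh
# Added example, not from the original thread. Writes an OCI seccomp profile
# for podman that allows everything by default but makes a set of syscalls a
# desktop browser container never needs fail with EPERM.
# Assumption: image name is a placeholder; display wiring shown for X11 only.
set -eu

PROFILE="${TMPDIR:-/tmp}/browser-seccomp.json"

# defaultAction SCMP_ACT_ALLOW: unlisted syscalls pass; listed ones return
# errno 1 (EPERM). unshare/clone stay allowed on purpose: Firefox/Chromium
# create user namespaces for their own content-process sandbox.
write_seccomp_profile() {
    cat > "$PROFILE" <<'EOF'
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86"],
  "syscalls": [
    {
      "names": ["ptrace", "process_vm_readv", "process_vm_writev",
                "keyctl", "add_key", "request_key",
                "mount", "umount2", "pivot_root",
                "kexec_load", "kexec_file_load", "bpf", "userfaultfd"],
      "action": "SCMP_ACT_ERRNO",
      "errnoRet": 1
    }
  ]
}
EOF
    printf '%s\n' "$PROFILE"
}

# Sanity check before handing the policy to the runtime: is a syscall listed?
profile_blocks() {
    grep -q "\"$1\"" "$PROFILE"
}

# Run the browser image with the profile, no ambient capabilities and no
# privilege escalation via setuid binaries. Wayland needs different socket
# wiring than the X11 lines shown here.
run_browser() {
    podman run --rm \
        --security-opt "seccomp=$PROFILE" \
        --security-opt no-new-privileges \
        --cap-drop=ALL \
        -e DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \
        localhost/browser:latest   # placeholder image name
}

write_seccomp_profile
```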