How can I set up a dual boot system so one OS can’t access the data from the other? Preferably Windows with full disk encryption on both.
VeraCrypt can’t do dual boot with both OSs encrypted and its hidden OS feature doesn’t work on modern GPT formatted drives. Both OSs could be encrypted with BitLocker, but then theoretically both OSs could still access the other OS’s decryption keys.
You cannot, and this topic from the Qubes OS Forum lists additional concerns you may need to contend with:
Note that I am unable to provide any technical support for risky/unsupported Qubes OS configurations, including but not limited to multi-boot partitioning schemes:
IMO, those are factors that make sense to consider in the context of the threat models Qubes is built for, but somewhat out of scope or exaggerated for more common threat models. Not sure about OP’s threat model.
/boot is still unprotected and could be maliciously modified
This is true of single-boot as well. I don’t think it’s an issue introduced by dual-booting, and there are mitigations that a distro or a user can employ.
Also /boot can be encrypted, it just has some tradeoffs and only limited value (openSUSE would be an example of a distro that does this by default). Some form of measured boot would be another possible approach.
The other problem is firmware security - for example the other system could infect the BIOS firmware
Sure, but (imho) if OP is already trusting Windows enough to be willing to use it, it doesn’t really require any additional trust to accept the remote theoretical possibility that Windows would maliciously tamper with your BIOS or firmware in order to compromise your Linux boot process. Needing to trust Windows not to be outright malicious and hostile is already baked into the choice to use Windows, and it’s a very unlikely risk (imho).
My general advice about dual-booting is: if possible it’s best to only install one OS per physical drive. It’s not just easier to set up, it’s also more robust and resilient, easier to understand, and minimizes the chance of one OS doing something that screws with the other. It’d also make encryption simpler in a dual boot scenario. If using separate drives is not possible, I tend to advise against dual booting in most scenarios unless it is absolutely necessary.