Unless you’re running malware, I doubt the developers of normal applications are going to circumvent a specific form of sandboxing on the already tiny Linux market share just to do something the user doesn’t want in a way that could result in terrible press coverage, so the actual “strength” of the sandbox in your use case probably doesn’t matter much.
I believe Flatpak (or maybe Snap if you’re on Ubuntu?) should be able to do this. If it’s not done by default you can just use Flatseal as Eebzter suggested.