The one problem I have with the trusted files thing is that I have no way to trust non-file-visiting buffers. Why is *scratch* untrusted!? *scratch* should always be trusted, without me having to configure anything, ideally. Though a setting to automatically trust non-file-visiting buffers would be nice. I just ended up stopping using the scratch buffer because of that issue.
It's getting so very old - all I want out of a process is code autocomplete, but I have to grant it read & write permission to my entire disk and network. When do we get good permissions and sandboxing and isolation? This can't go on.
I agree granting processes permission to read any file is unsustainable.
In Linux, sandboxing with Firejail and bwrap is quite easy to configure and allows fine-grained permissions.
Also, the new Landlock LSM and LSM-eBPF are quite promising.
I build my own. Maybe I nee to externalize it...