Maybe we can start by filtering out the most outrageous applications:
anything that uses --filesystem=home, --filesystem=host, or unfiltered
session bus access. That still leaves plenty of possible sandbox holes,
but it's better than nothing.
We could do this just in GNOME Software and KDE Discover for starters,
but it'd probably be confusing for the software centers to show fewer
apps than Flathub has available. So maybe it would be better for the
software centers to just present the apps as insecure, and try to
convince Flathub to have them removed.
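
One way the check proposed above could be implemented, as an added example that is not part of the original message: it reads an app's Flatpak metadata keyfile and reports the three permissions named there. The function name and both sample keyfiles are constructed for illustration.

```python
import configparser

# The broad filesystem grants named in the message, as written in the
# "filesystems=" key of the [Context] section of a Flatpak metadata keyfile.
BROAD_FILESYSTEMS = {"home", "host"}


def _items(parser, section, key):
    """Return the ';'-separated entries of a keyfile value, or [] if absent."""
    raw = parser.get(section, key, fallback="")
    return [v.strip() for v in raw.split(";") if v.strip()]


def sandbox_findings(metadata_text):
    """List the permissions from the message that this metadata grants."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False)
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(metadata_text)

    findings = []
    for entry in _items(parser, "Context", "filesystems"):
        if entry.startswith("!"):
            continue  # "!name" removes a grant rather than adding one
        name = entry.split(":", 1)[0]  # drop a ":ro" / ":rw" / ":create" suffix
        if name in BROAD_FILESYSTEMS:
            findings.append(f"--filesystem={name}")
    # "session-bus" under sockets= is the unfiltered bus; filtered access is
    # expressed as per-name rules in [Session Bus Policy] instead.
    if "session-bus" in _items(parser, "Context", "sockets"):
        findings.append("--socket=session-bus")
    return findings


# Constructed sample metadata, not taken from any real application.
SAMPLE_BROAD = """[Application]
name=org.example.Broad

[Context]
sockets=x11;wayland;session-bus;
filesystems=home:ro;xdg-download;
"""

SAMPLE_TIGHT = """[Context]
sockets=wayland;
filesystems=xdg-download;!host;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""
```

A software center could run this over each app's metadata and mark any app with a non-empty result as insecure.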