Most packages that Homebrew install just wouldn't fit nearly into the kind of sandbox model that you suggested. Just think about command-line applications that can take in any file as input and process them, e.g. Git, ffmpeg, etc. Or like a compiler like clang. Even for GUI apps most Mac applications do not use sandbox / App Store because it's actually quite difficult to work within that framework for a lot of types of applications.
macOS also doesn't have a way to tag a command line application to have sandboxing, as sandboxing only works for an "app" bundle, not random executables.
This isn't really a Homebrew problem anyway. If there is this magical sandboxing capability that works, nothing stops a Homebrew package from using it.
macOS also doesn't have a way to tag a command line application to have sandboxing, as sandboxing only works for an "app" bundle, not random executables.
This isn't really a Homebrew problem anyway. If there is this magical sandboxing capability that works, nothing stops a Homebrew package from using it.