Its not 100% what you're looking for. Probably an 80% case..
But try looking into QubesOS. You create domains where applications can do whatever in the domain (a contained VM). So your personal domain is separate from your bank domain, which is separate from your media domain.
Of course, domains themselves can do naughty things. But they cant cross over to others.
And system resources are a separate domain, as is networking.
Some downsides - gaming is a no go mostly. And if you do SDR stuff, the USB domain is a heavy hit on performance. You really need dedicated machines for those things.
But try looking into QubesOS. You create domains where applications can do whatever in the domain (a contained VM). So your personal domain is separate from your bank domain, which is separate from your media domain.
Of course, domains themselves can do naughty things. But they cant cross over to others.
And system resources are a separate domain, as is networking.
Some downsides - gaming is a no go mostly. And if you do SDR stuff, the USB domain is a heavy hit on performance. You really need dedicated machines for those things.