I want to gather some Info on that topic.
Flatpak uses its own permission system, but currently many apps have very broad permissions.
I am also not sure if some permissions are missing, like Clipboard access or “everything but my ssh keys”.
I heard Flatpaks are kind of a mess, but Fedora Flatpaks are not widely used for many reasons, they are unofficial and use a nonstandard runtime.
So would one need to create a new context for every Flatpak? Could the one of the RPM be taken, or are they different for example because of how they access the filesystem?