Honestly, this is something that I would just layer with rpm-ostree. In a toolbox, it won’t auto-update, and this seems pretty security-sensitive. Any attempt to make it auto-update would be non-atomic (although it appears pretty self-contained, so that might not matter). There’s also the convenience of having the systemd units already set up.
A flatpak could probably cover your usecase, but that doesn’t exist.
There’s also an official docker image that could be used with podman.