Is there a Linux distro around that manages to get compartmentalized apps (Snaps / Flatpaks or whatever) right? I feel like they have security advantages, even if people hate them because they don't work out-of-the-box.
Android has compartmentalized apps by design, and it seems like everything works there, but that's because developers are forced to think about it and make it work.
It depends what you mean by "apps" and "works". Phone apps have very limited interaction with each other, by design, so that yes, sandboxing works OK. Android also uses sandboxing technologies not available on plain Linux I believe, but I'm not sure of this part. It also has a full system for defining the types of interactions possible between apps, that is built into the UI kit used by all apps, which is another major bonus.
You can't extend most of this to arbitrary Linux packages. Those are often meant to have complex interactions with other packages, and to do so via arbitrary mechanisms (file paths, Unix sockets, shell variables, etc). You can't easily sandbox something like npm or pip, for example, since their whole point is to be globally accessible. Even less so for something like OpenSSL.
Can't you just use an AppImage (if available) for things you don't want to bother with installation?
I only use it for emulators, and I don't really explore the OS anymore, so I'm not sure if they have any downsides.