Debian 12 introduced AppArmor 3 by default in the install. AppArmor profiles can be tweaked to restrict application capabilities. It’s quite effective but time-consuming, as too many restrictions can prevent applications from working… I wonder how this will be implemented in YunoHost.
I’m not sure this would be anything really new compared to what we already do with systemd tweaking (which also includes “capabilities”, dunno if that refers to the same thing).