That's a nice puzzle, indeed.
Only some little remarks and findings.
That's exactly what the package management system does in distributions. And a maintainer (or group), actually all admins and users, are looking after the same single current line of packages. (Not after multiple diverse container universes.)
Why would you want to burden all that on the shoulders of the application developer?
I think the app devs should not be required to support more than their own app (i.e. not have to make timely security-updates available for every lib they use in every flavor of container).
I don't think there is only the container way. The reason why containers are often used is to work around properly supporting fast-paced app development with breaking version changes in the app dependencies. That, however, is something that also seems to get tackled by https://wiki.debian.org/FastTrack in Debian. (Besides the nix and guix package managers.)
So the best option seems to be that, for web applications, the existing Debian/YunoHost already has manifest and shell-helper based packages, even linters are already a real, self-hosting "thing that works", and it would be great if new developments could allow it to be turned into a more general solution.