Regarding what you mention about Discord nosing around - is there any easy way of launching an app in a sandboxed environment on Windows to stop this sort of thing?
For software that works under wine, I guess it wouldn't be too hard to simply set a wineprefix and do it like that, but that is a bit of a hack, and wouldn't work with a lot of software.
However, I use Virtualbox and/or VMware Player a lot, and Hyper-V doesn't play well with others, so I can't use any features of Windows that depend on Hyper-V virtualization.
I personally use a UWP app that embeds Discord's web interface. It's surprisingly serviceable.
Well, Discord specifically works in a regular web browser too, which will sandbox it from the rest of your system. There's a couple minor features that will be missing, like the ability to show your friends what game you're playing, but those features tend to be the ones any other sandboxing solution will block too.
For software that works under wine, I guess it wouldn't be too hard to simply set a wineprefix and do it like that, but that is a bit of a hack, and wouldn't work with a lot of software.