I'd like this too. Please feel free to submit patches. We already have basic infrastructure for it: when you run without arguments, it opens various things, and then starts a new process, passing those things to it. The goal would be to run that second process as non-root and with various sandboxing turned on. Check out main.go.
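The open-first, re-exec-second design described above, as an added example (not the project's own main.go): the parent opens the listener, hands it to a re-exec'd copy of itself as fd 3, and, when it is running as root, starts that child under an unprivileged uid/gid. The `--child` flag, the fd-3 convention and uid/gid 65534 are assumptions; the extra sandboxing the comment mentions is out of scope here.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"os/exec"
	"syscall"
)

// buildChild re-execs this binary with the already-open listening socket f passed as fd 3,
// dropping to an unprivileged uid/gid when the parent is root (bind privileged, serve unprivileged).
func buildChild(self string, f *os.File) *exec.Cmd {
	cmd := exec.Command(self, "--child")
	cmd.ExtraFiles = []*os.File{f} // ExtraFiles[i] becomes fd 3+i in the child
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	if os.Geteuid() == 0 { // setuid/setgid only succeed for root; 65534 is a placeholder account
		cmd.SysProcAttr = &syscall.SysProcAttr{Credential: &syscall.Credential{Uid: 65534, Gid: 65534}}
	}
	return cmd
}

// listenerFromFD rebuilds the inherited listener in the child; it owns fd and closes it after FileListener dups it.
func listenerFromFD(fd uintptr) (net.Listener, error) {
	f := os.NewFile(fd, "inherited-listener")
	defer f.Close()
	return net.FileListener(f)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	if len(os.Args) > 1 && os.Args[1] == "--child" {
		l, err := listenerFromFD(3)
		check(err)
		fmt.Printf("child: uid=%d serving %s\n", os.Getuid(), l.Addr())
		return
	}
	l, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)}) // port 0: any free port
	check(err)
	f, err := l.File() // dup of the listening socket; it survives the exec
	check(err)
	check(buildChild(os.Args[0], f).Run())
}
```

Run it as root to see the child report a non-root uid while serving the parent's socket; run it unprivileged and the credential drop is skipped, since setuid would fail.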