I agree with the sandboxing and permissions points, but is that related to the OS not being rooted? This is a genuine question - I'm not trying to make a point here, but to learn.

I think Qubes qualifies from a practical point of view, as modern hardware is powerful enough for it, so it's viable to run Qubes on desktop instead of a bare-metal OS. I'd even go further and say there's no excuse not to run Qubes if you're familiar with Linux and can afford a compatible desktop or laptop.

Per-app sandboxing or per-OS compartmentalization is pretty similar with regard to security. There are some security and usability trade-offs, but I like the per-OS isolation model, as it's easier for several apps to share everything within a VM - that way you isolate a whole "project" more easily, as everything inside a VM is only related to that project and you assume all the apps would need access, anyway.