How about a lightweight immutable distro, like say Fedora CoreOS or openSUSE MicroOS?
Fedora CoreOS in particular has had a good track record delivering patches quickly. Like for CopyFail was pushed to the stable channel in about a day, IIRC, but the patch was already available within a few hours of disclosure in the "next" / testing channel.
Talos and Flatcar are also worth considering if you want an even smaller attack surface, from what I heard they weren't even affected by CopyFail.
Fedora is a staging environment for RHEL
This oversimplifies reality. Fedora has a community and actively makes decisions RHEL has no interest in. But yes they also help with testing many things.
Been there, done that. Less changes are just better.