ozgrakkurt 4 hours ago
I mean just distributing the regular compiled x86_64 binary and then running it as a normal executable on the client side, but just using that syscall shim so it is safe.
direwolf20 3 hours ago
If you think about the fundamentals involved here, what you actually need is for the OS to refuse to implement any syscalls, and not share an address space. A process is already a hermetically sealed sandbox. Running untrusted code in a process is safe. But then the kernel comes along and pokes holes in your sandbox without your permission. On Linux you should be able to turn off the holes by using seccomp.