> However, if I install Homebrew, then install python, then install a pip package, there's really no kind of scanning/notarization/checking happening at all.
There is: you are running that pip package in a chain of processes: Terminal (or iTerm, or whatever) - your shell - python - pip package. In this chain, Terminal has the "Developer Tools" privilege, which allows you to run software that does not meet the system's security policy.
You can disable this privilege in System Settings, in the Privacy and Security panel.
EDIT: Having looked at this again, I'm not sure the Developer Tools privilege is even required to run essentially arbitrary software in Terminal. Homebrew still works without Developer Tools installed, as do interpreted runtimes. If I can even run an arbitrary shell script then the privilege is pointless, which makes the case for a dedicated sandbox for Terminal even more important.
This is my point: Terminal with the Developer Tools privilege is essentially granting carte blanche privilege to every sub-process running there, which is not really necessary.
If I could pop a Terminal with a restrictive scope, allowing read and write access only within that directory tree it would be a much better situation than we have now. macOS' permission system isn't really that far away anyway - I can already disable Terminal's permissions to access anything else same as other apps.
Essentially a basic and very limited not-even-a-chroot would be a vast improvement and would still offer an adequate sandbox.
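One way to get the restricted-scope terminal described above, as an added example that is not part of the thread: a seatbelt profile fed to macOS's sandbox-exec(1), which confines a shell (and everything it spawns) to one directory tree. Assumptions: sandbox-exec is still present (Apple marks it deprecated but it still ships), and the rule set below is a starting point that a real session may need to extend after checking sandbox violation messages in the system log.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a minimal seatbelt profile
# that denies everything by default, keeps system binaries readable, and
# allows writes only inside one project tree, then runs a shell under it.
# Assumption: sandbox-exec(1) is available (macOS only; deprecated but present).

# Print a seatbelt profile confining writes to the tree given as $1.
make_profile() {
    tree=$1
    cat <<EOF
(version 1)
(deny default)
; let the shell spawn and exec programs
(allow process-fork)
(allow process-exec)
; system binaries, libraries and interpreters stay readable
(allow file-read* (subpath "/usr") (subpath "/bin") (subpath "/sbin")
                  (subpath "/System") (subpath "/Library")
                  (subpath "/private/etc") (subpath "/dev"))
(allow file-read-metadata)
(allow sysctl-read)
; the only writable places: the project tree and a scratch tmp
(allow file-read* file-write* (subpath "$tree"))
(allow file-read* file-write* (subpath "/private/tmp"))
(allow file-write* (literal "/dev/null") (literal "/dev/tty"))
EOF
}

# Start a shell confined to $1 (defaults to the current directory).
sandboxed_shell() {
    tree=$(cd "${1:-.}" && pwd -P) || return 1
    if ! command -v sandbox-exec >/dev/null 2>&1; then
        echo "sandbox-exec not found; this only works on macOS" >&2
        return 1
    fi
    # -p takes the profile inline; the shell and all children inherit it
    sandbox-exec -p "$(make_profile "$tree")" "${SHELL:-/bin/sh}"
}
```

Inside the confined shell, a pip install that tries to write outside the tree (say to ~/.ssh or /Library/LaunchAgents) fails with a permission error instead of succeeding silently.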
Yeah, but we need to analyze the picture as a whole. And by default, chroot is banned while running arbitrary stuff downloaded from the internets as root is not.