VSCode could shove the entire extension, third party binaries included, into a sandbox, Docker-style. And “give this extension Internet access” could be an option when you install it, with the default being “no”, and a big warning if you want to override that default.
For all that the Docker ecosystem is somewhat of a mess, it seems more than adequate for this use case.
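As an added sketch (not from the comment above, and not anything VSCode ships) of what that default-deny sandbox could look like on top of plain `docker run`: the extension's binaries run with no network namespace unless the user opts in, and the opt-in path prints the warning the comment asks for. The image name, workspace path, and resource limits are hypothetical placeholders.

```shell
#!/bin/sh
# Added illustration of a default-deny extension sandbox built from
# stock docker run flags. Image names and paths are placeholders.

# Print the docker arguments for running one extension's binaries in a
# locked-down container.
#   $1 = container image holding the extension and its third-party binaries
#   $2 = "yes" to grant Internet access; anything else (the default) denies it
build_sandbox_args() {
    image="$1"
    allow_net="${2:-no}"
    if [ "$allow_net" = "yes" ]; then
        # Explicit override: the extension gets ordinary outbound access.
        net_opt="--network bridge"
        echo "WARNING: granting '$image' Internet access; this overrides the default sandbox policy" >&2
    else
        # Default: no network namespace at all, so the extension can reach
        # neither the Internet nor services listening on the host.
        net_opt="--network none"
    fi
    # Beyond the network switch, drop every capability, forbid privilege
    # escalation, keep the root filesystem read-only, and cap processes and
    # memory so a misbehaving binary cannot exhaust the host.
    printf '%s' "run --rm $net_opt --cap-drop ALL --security-opt no-new-privileges --read-only --tmpfs /tmp --pids-limit 256 --memory 512m --user 1000:1000 -v /path/to/workspace:/workspace:ro $image"
}

# Return 0 if the generated command line denies network access, 1 otherwise.
is_network_isolated() {
    case "$1" in
        *"--network none"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (dry run; substitute a real image before invoking docker):
#   docker $(build_sandbox_args ghcr.io/example/some-extension:1.0)
#   docker $(build_sandbox_args ghcr.io/example/some-extension:1.0 yes)
```

The workspace is mounted read-only here; an extension that needs to write into the project would get a narrower, writable mount for just that directory rather than a looser sandbox overall.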