You'd do that with a container and a layer 7 egress proxy rule e.g. mitmproxy.
Sure it's work to build such things, but building restraints into the app feels more reliable than playing whack-a-mole with scanner results.
Operating systems can probably do better to meet this need (e.g. capability based ones like fuchsia) but even as is their rules just feel so much more binding.
The scanner is just one part of the codebase, good for maintaining quality in a pipeline.
There is also @makerchecker/embedded, which has runtime permission primitives you wrap around the agent's actions, so the restraints live in the app exactly like you're describing
Less whack-a-mole, more wrap the risky calls and they're bound