Kinoite is nice and all but on my desktop I am downloading packages far more often and I don't want to deal with the hassle of restarting my system every time. I know there are ways around that but eh
I've been experimenting with Kinoite for a while now on a VM (because my main computer has an Apple Silicon chip and running Linux on bare metal would be inconvenient), and keeping packages on a toolbox works pretty well, so no need to restart there.
If you need to layer packages with rpm-ostree and don't want to reboot, you can try the apply-live flag.
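To make the two suggestions above concrete (keep day-to-day tools in a toolbox, and when something really must be layered, do it live instead of rebooting), here is a small POSIX sh helper. It is an added example, not code from the thread or from the rpm-ostree project. It parses the `LayeredPackages:` line of `rpm-ostree status` (a constructed sample is embedded so the parsing can be exercised without a Kinoite host), works out which of the requested packages are not layered yet, and only then calls `rpm-ostree install --apply-live`. The point from a system-integrity angle is the same one the thread makes: the fewer packages you layer, the closer the running system stays to the signed base image, so the helper refuses to re-layer what is already there and can be run with `DRY_RUN=1` to see what it would change.

```shell
#!/bin/sh
# Added example (not from the thread): layer only the packages that are
# actually missing, and apply them to the running deployment without a reboot.
# Assumes the "LayeredPackages: a b c" line that `rpm-ostree status` prints.

# Constructed sample of `rpm-ostree status` output for offline testing.
SAMPLE_STATUS='State: idle
Deployments:
* fedora:fedora/39/x86_64/kinoite
                  Version: 39.20240101.0 (2024-01-01T00:00:00Z)
          LayeredPackages: distrobox vim-enhanced
'

# Print the layered package names found in status text, one per line.
layered_packages() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*LayeredPackages:[[:space:]]*//p' \
        | tr ' ' '\n' \
        | sed '/^$/d'
}

# Print the space-separated subset of "$1" (a package list) that is not
# already layered according to the status text in "$2".
missing_packages() {
    out=""
    for pkg in $1; do
        if ! layered_packages "$2" | grep -qx "$pkg"; then
            out="$out $pkg"
        fi
    done
    printf '%s' "${out# }"
}

# Layer what is missing into the booted deployment. With DRY_RUN=1 the
# command is printed instead of executed, which is a cheap way to audit
# how far a machine is drifting from its base image.
layer_live() {
    status=$(rpm-ostree status 2>/dev/null || true)
    todo=$(missing_packages "$1" "$status")
    if [ -z "$todo" ]; then
        echo "nothing to layer"
        return 0
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: rpm-ostree install --apply-live $todo"
    else
        # shellcheck disable=SC2086  # intentional word splitting of the list
        rpm-ostree install --apply-live $todo
    fi
}

# Usage on a real host:  DRY_RUN=1 ./layer.sh; then layer_live "htop vim-enhanced"
```

Anything that lives happily in a container (editors, language toolchains, CLI utilities) belongs in `toolbox` or `distrobox` rather than in this list; `layer_live` is for the small set of things that genuinely need to be on the host.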
Plus, most of what I need can be found on Flathub.
Yes, layer as few apps as possible. Binary system-installing apps are a problem, but you should avoid these anyway. Also, switching to a hardened kernel and malloc is, but there is a project for that now in the "awesome user images" of ublue.it (not by them)