You could run a 2nd sshd service with systemd where you use namespacing, chroot & drop most capabilities. (Basically a container) You can also change the default logindir of sftp. Look at https://www.redhat.com/sysadmin/mastering-systemd and man sftp-server.