Have you considered nix os? I personally don't use it but I think it could fulfill your needs. You could have a work user with the home directory encrypted and a seperate personal user. Then you can install packages in a user independent way and you won't have any cross over between your users.