[deleted] But what if you find yourself with stalkerware, whichever user space that may be in.
Apps cannot install anything without getting permission to install apps in general. Even if you give an app permission to install apps, nothing can be installed without your permission (except the Apps app can install things unattended, but you can both disable the app or disable automatic updates, but that's not advised).
So to avoid apps that do shady things, the best thing you can do is avoid shady apps. Regardless, each app will be constrained to its own sandbox.
[deleted] Is it possible to dissalow location services or passive GPS receiving in ALL profiles EXCEPT a dedicated maps/GPS user space?
yes. Location is a per-profile settings.
[deleted] Would that provide effective isolation and protection?
Apps are sandboxed, so they're already pretty isolated. User profiles add to that with per-profile settings and some additional isolation. There's some more about user profiles on the website.
Restricting apps' privileges in general is always good practice, so grant only the permissions an app needs.
[deleted] What if your attacker can see what's on your screen.
The only permission I know of that could achieve that is a screen reader, utilizing accessibility services. If you were to add that permission, you'd know it.
[deleted] Would it be limited to the profile you've acquired stalkerware on?
If you granted that permission, yes, the app's ability to see the screen would be limited to the profile the screen spying app is on.
[deleted] Alternative solutions I'm looking at included a dedicated device with downloaded maps and always kept offline
not sure about removing the GPS physically, but from a software perspective each device is accessed by different sandboxed services. If you use airplane mode and keep location off, the OS will simply not use those components.
Here's a sort of related quote from the website FAQ that talks about airplane mode, but also mentions GPS.
Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device.