While that definitely restricts the attack surface, there are still situations where you are running untrusted code within a process (e.g., JITed code, whether JavaScript or something else like eBPF). So it would require not only the kernel scheduler to be careful about scheduling threads to cores, but these applications as well (which is not something most people have ever bothered with: setting thread affinity for performance, yes; for security, not really).
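An added sketch, not part of the comment above, of what affinity-for-security could look like inside an application: it reserves whole physical cores for threads that run untrusted code, so they never share a core with the process's sensitive threads. It assumes the concern is SMT siblings sharing a core and a Linux host; the sample topology and the function names are constructed for illustration.

```python
import os

# Constructed sample: contents of
# /sys/devices/system/cpu/cpuN/topology/thread_siblings_list on a
# hypothetical 4-core, 8-thread machine (cpu N and N+4 share a core).
SAMPLE_TOPOLOGY = {n: f"{n % 4},{n % 4 + 4}" for n in range(8)}


def parse_cpu_list(text):
    """Parse the kernel's cpu-list format, e.g. '0,4' or '0-1,8-9'."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus


def physical_cores(topology):
    """Group logical CPUs into physical cores (sets of SMT siblings)."""
    cores = {frozenset(parse_cpu_list(s)) for s in topology.values()}
    return sorted(cores, key=min)


def partition(topology, untrusted_cores):
    """Reserve whole cores for untrusted code; never split a sibling pair."""
    cores = physical_cores(topology)
    if not 0 < untrusted_cores < len(cores):
        raise ValueError("need at least one whole core on each side")
    trusted = set().union(*cores[:-untrusted_cores])
    untrusted = set().union(*cores[-untrusted_cores:])
    return trusted, untrusted


def pin_current_thread(cpus):
    """Linux only: restrict the calling thread to the given logical CPUs."""
    os.sched_setaffinity(0, cpus)  # pid 0 = the caller


if __name__ == "__main__":
    trusted, untrusted = partition(SAMPLE_TOPOLOGY, untrusted_cores=1)
    print("sensitive threads:", sorted(trusted))
    print("JIT/untrusted threads:", sorted(untrusted))
```

Each worker thread would call `pin_current_thread` with its own set before it starts executing JITed code; the split is only as good as the application's discipline in doing so for every thread it creates.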