Hacker News

> No. It doesn't. You still need to trust the people who package the thing.

How is this any different than sudo apt install foo?



apt is not misleadingly advertised as a sandboxing environment. Flatpak is:

"Flatpak: Linux application sandboxing and distribution framework" [0]

"It is advertised as offering a sandbox environment in which users can run application software in isolation from the rest of the system." [1]

The whole point of a sandboxing environment is that you can run applications that do not want to be sandboxed. The Flatpak proposition is directly contradictory with this basic requirement, in that it requires the application to be flatpacked to begin with.

[0] https://github.com/flatpak/flatpak

[1] https://en.wikipedia.org/wiki/Flatpak


Trust of the packager is still involved, no?


When I use something from a distribution, I trust the distribution as an organization. When I use something packaged by a developer, I trust the developer. I cannot verify thousands of developers, so I must trust the distribution and I can trust few developers or packagers outside of the distribution.


Yes, but only for things you give access to (data files, internet)... sandboxing by default, it should not be able to do anything except consume CPU (memory needs to be limited also, which might be an issue in practice).



