The first thing that comes to mind is a combination between SBOMs generated for your self-hosted services (trivy, syfy, etc) which are pushed to OWASP Dependency-Track and whenever some vulnebrabilies are detected (note: you'll get lot of notifications if the application is using a lot of libraries), trigger an event (not sure if node red can help here) which would run a script to disabled the vhost. (just a thought. I haven't seen an actual solution)
+1 for LibreWolf. I've been using it for ~2 years and it's better than Firefox from a privacy perspective. Development is active, so updates are being pushed regularly. As for vertical tabs, you can easily achieve it with Tree Style Tabs. I strongly recommend it.