As for a presentation of the security issues regarding multiple sites on a single Trellis server, I’ll yield to the community or to your research and testing on the topic.
Trellis doesn’t set up FTP by default, but you could set up specific FTP-only users with access to specific sites only, customizing the sshd role with FTP settings. You’d be doing it manually with sshd_config, vs. using Cpanel (no Cpanel with Trellis).
The sites’ files aren’t sandboxed because Trellis loads all the sites in the same web root, which is owned by the single web user. I don’t think Trellis intends to build an environment like shared hosting with sandboxed web roots.
This isn’t a topic I’ll be researching at present, but I’d be interested to read someone’s review of the details and implications of setting up something like this. One slightly related security topic with Trellis is roots/trellis#368