There are two binaries: one for the host (dbus-activated) and one for
the sandbox (bind mounted in to overload /usr/bin/xdg-open). For
sandbox setups that don't require all the overhead of flatpak (such as
manual bubblewrap setups, sbox[1], firejail stuff, etc.),
xdg-open-gateway works.
The issue with the portal stuff is that it requires applications at
some level to have the awareness to behave differently. That's
fundamentally problematic if the goal is to be able to sandbox
arbitrary applications. Usually, this is at the toolkit level, but it
doesn't have to be, and ultimately, something has to do it.
I agree that apps need to be aware of being sandboxed. No way around that.
Pretending that it is not the case does not help. However, in this case, I don't
see the 'portal issue' at all. But that is ok, we don't have to agree.