I'm not really super confident, but I think the problem is that sshd has to be able to spawn user sessions and those users are generally not supposed to be (meaningfully) confined by selinux or whatever. So I suspect that it wouldn't have helped, because a compromised sshd is necessarily in the prefect place to MitM or forge a session regardless of extra constraints. But take with a grain of salt.
Would this have mattered/stopped/mitigated the `xz` problem if systemd spawns opensshd and transiently loads infected .so shared objects?