...but the github runners already are virtualized; you'd need to virtualize the secrets they have access to instead.