There's no fix for this in Joplin, because it's a problem with 2 upstream projects (electron-builder and chrome-framework) in combination with a default kernel setting in Debian. We can't fix this, unless we make Facebook and Google and/or Debian change their code.
However, there are several workarounds. One is changing the kernel parameter, which is obviously a no-go for you.
Then there was a PR merged that allows you to start the app with the flag --no-sandbox. This will be available in the next release.