Isolation tiers — microVM / gVisor / container

The hierarchy of isolation strength. Students learn the practical spectrum —
microVMs as the strongest isolation, a user-space kernel layer as a middle ground,
and standard containers as the minimum viable option — and how to choose based on
security requirements, scale, and latency tolerance.