If you are shipping a Go compiler, it’s my understanding that you will be able to remain under strict confinement if you plug some interfaces that could allow ego to access what it needs (perhaps block-devices and kernel-module-observe?).
A handy tool to understand which interfaces you could plug while staying under strict confinement is snappy-debug. You can locally run snappy-debug in one terminal and ego in another one and watch the output of snappy-debug. It usually makes useful suggestions about which interfaces you need based on the behavior it observes in your snap. Can you please try and let us know? Feel free to paste here the denials you see and we will be happy to assist.
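An added example, not part of the post above and not snappy-debug's own code: a small Python helper that condenses the raw AppArmor denial lines for one snap into a short list that is easy to paste into a thread like this. The log lines, paths, PIDs and the second snap name are constructed samples; the `snap.<snap>.<app>` profile naming and the `key="value"` audit layout are the standard kernel AppArmor format.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not captured from a real system).
SAMPLE_LOG = """\
audit: type=1400 audit(1700000000.101:201): apparmor="DENIED" operation="open" profile="snap.ego.ego" name="/dev/sda" pid=4242 comm="ego" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.105:202): apparmor="DENIED" operation="open" profile="snap.ego.ego" name="/dev/sda" pid=4242 comm="ego" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.230:203): apparmor="DENIED" operation="open" profile="snap.ego.ego" name="/proc/modules" pid=4242 comm="ego" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.400:204): apparmor="ALLOWED" operation="open" profile="snap.ego.ego" name="/etc/hosts" pid=4242 comm="ego" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.500:205): apparmor="DENIED" operation="open" profile="snap.other.tool" name="/dev/sdb" pid=77 comm="tool" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# Matches key="quoted value" or key=bare_value pairs in an audit record.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key/value pairs of one audit line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def summarize_denials(log_text, snap):
    """Map (operation, path) -> merged denied mask for one snap's profiles."""
    masks = defaultdict(set)
    prefix = f"snap.{snap}."  # trailing dot avoids matching e.g. snap.egox.*
    for line in log_text.splitlines():
        rec = parse_fields(line)
        if rec.get("apparmor") != "DENIED":
            continue  # ignore ALLOWED/AUDIT records and non-AppArmor lines
        if not rec.get("profile", "").startswith(prefix):
            continue  # denial belongs to a different snap
        key = (rec.get("operation", "?"), rec.get("name", "?"))
        masks[key].update(rec.get("denied_mask", ""))
    # Collapse repeated denials of the same path into one sorted mask string.
    return {key: "".join(sorted(chars)) for key, chars in masks.items()}


if __name__ == "__main__":
    for (op, path), mask in sorted(summarize_denials(SAMPLE_LOG, "ego").items()):
        print(f"{op:8} {path:20} denied={mask}")
```

The deduplicated list shows which paths and access modes the confinement blocked, which is the information needed to decide whether an interface covers them.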