System-files permission for jabref (native-messaging-hosts integration)

Sorry, I misread (actually I responded before reading the other thread) that this wanted to use files in /usr, not put them there.

@pedronis - this is a new use case. In essence, the snap wants to put a file into /var/lib/snapd/hostfs/usr/lib/mozilla/native-messaging-hosts/. This file extends firefox to launch a command and thus provides sandbox escape. It also doesn’t work with the firefox snap and possibly not cross-distro. As we are discussing in "Synchrorep need classic confinement", this is a variation on extending the host’s software via its plugin/extension mechanism. What is interesting about this use case is that the snap doesn’t need classic since it is using system-files with hostfs (it is conceivable we could employ this methodology elsewhere, but see above about sandbox escape).

It was said that the snap could put a file in the hostfs which causes firefox to launch the extension under snap confinement, which means that for a system-files request with hostfs, we could add a proviso that the snap publisher must do this and the publisher must be vetted (since, like with classic, the publisher must be trusted to dtrt). While that potentially addresses the security aspect, it does not address cross-distro wrt paths or working with browser snaps.
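One way a reviewer could check the proviso discussed above, as an added example that is not part of the original post or of snapd's review tooling: it parses a native-messaging host manifest and reports whether its `path` is a command of the named snap, so the browser launches it under snap confinement. The snap command directories, the `jabref.browser-proxy` app name and the sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Assumed locations of snap command wrappers; they differ across distros.
SNAP_BIN_DIRS = ("/snap/bin", "/var/lib/snapd/snap/bin")


def review_manifest(text, snap_name):
    """Return a list of findings for one native-messaging host manifest."""
    try:
        manifest = json.loads(text)
    except ValueError as exc:
        return [f"manifest is not valid JSON: {exc}"]
    if not isinstance(manifest, dict):
        return ["manifest must be a JSON object"]

    findings = []
    path = manifest.get("path")
    if not isinstance(path, str) or not path.startswith("/"):
        findings.append("path must be an absolute path on Linux")
    else:
        target = PurePosixPath(path)
        if str(target.parent) not in SNAP_BIN_DIRS:
            # The browser would start this program outside snap confinement.
            findings.append(f"{path} is not a snap command, host runs unconfined")
        elif target.name != snap_name and not target.name.startswith(snap_name + "."):
            findings.append(f"{path} belongs to a different snap than {snap_name}")
    if manifest.get("type") != "stdio":
        findings.append("type should be 'stdio'")
    if not manifest.get("allowed_extensions"):
        findings.append("allowed_extensions is empty, no extension is pinned")
    return findings


# Constructed sample manifests (not taken from the jabref snap).
CONFINED = json.dumps({
    "name": "org.example.host", "description": "constructed sample",
    "path": "/snap/bin/jabref.browser-proxy", "type": "stdio",
    "allowed_extensions": ["addon@example.invalid"],
})
UNCONFINED = json.dumps({
    "name": "org.example.host", "description": "constructed sample",
    "path": "/usr/lib/example/host.py", "type": "stdio",
    "allowed_extensions": ["addon@example.invalid"],
})

if __name__ == "__main__":
    for label, sample in (("confined", CONFINED), ("unconfined", UNCONFINED)):
        print(label, review_manifest(sample, "jabref"))
```

The hard-coded directories reflect the cross-distro path problem raised in the post: a manifest that passes on one distribution may point at a wrapper path that does not exist on another.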