As pointed out by @themoonisacheese, immutable distros are getting some traction recently and they are good for making a system reproductible, allowing easy rollbacks, but this should not make a big difference, privacy-wise. It also add some work for configuration / learning. Here are two levels I’m thinking of from what you presented:

• You go with any stable (big fan of Debian here too) so to avoid data breaches from brand new packages (xz…), then you can compartimentize your application with Flathub and manage the rights with Flatseal. If you go with software with less telemetry (Firefox), this should be a reasonable and easy to use setup. The rest of the privacy will depend on what is going on inside of your web browser, probably.

• The next step would be something like Qudes-OS + Tor. If your workflow / usecase allows it, this should be a good step up for privacy. Your laptop seems beefy enough to handle the many VMs, and the install is easy enough imo.