~/Library/Containers/* is where sandbox containers live. The folder structure within the container intentionally matches up with the folder structure non-sandboxed apps use, where the Data subfolder looks very similar to the user's home folder. I've never tested but I assume that sandboxed apps that call the macOS API that returns the user's home folder are actually given the path to their container's data folder instead. This makes it a lot easier to sandbox apps.
