Similar to some other ideas around restricting the People Picker, I'd like to see the ability to scope the security/share picker.

For example, restricting the ability to share with anyone who does not already have access to the current site collection.

We already use the "restrict sharing to owners" and "restrict sharing to only people already in Azure AD" extensively, but the latter often falls short, as there are often times when Information Barriers or Client Confidentiality require further restrictions on not just who can share what, but who they can see in the share/security people picker.