I am wrestling with some tradeoffs re: teams and projects. making choices has lasting effects, and it is not easy to decide and understand in all consequences. I guess I need some advice; and hope with this discussion to be able to help others with similar setup issues.

What we have:
Company with small teams per project, many times the same people,. Company is involved in many projects. With, most times, the same people. But each project has a high degree of confidentiality, we need (legal obligation) to prevent access to team members who are not working on a specific project.
The key issues:
- matching these confidentiality requirements between many projects ; and teams with varying but overlapping composition ;
- Reducing overhead for mobile users i.e. keeping number of synced shares low
- Reducing clutter, i.e. keeping the amount of groups and teams low
- Keeping administrative overhead low, i.e. not having to manage detailed file permissions each and every time.

Ideal would be: use just a few teams (with overlapping users), add channels for each project , add the project folder into that channel. And manage access to channels and files, based on actual team composition.
Problem:  with this setup, each team member can access all other channels and the folder with files added to that channel, which we don't want.  I don't see how and if permissions can be managed on that granular level.
The other scenario:  a team and share for evey project, is also not very attractive. That would require everyone to sync many (20+) shares and having to switch between all those teams in the team app.  Many desktop shares is not a very good idea either I guess, given the experience with groove and even with the new O4B sync client. :\
Who can give me some guidance? Is there a solution at all for this?
Tx!