And like all hard problems, that cannot be solved by technology.
"Users will literally run the icon that's called malware" has nothing to do with Windows being written in not-Rust, and won't be solved by an operating system written in Rust.
You cannot simultaneously empower the user to do useful things and prevent the user from using that exact power to fuck themselves.
It's no different from trying to build a gun that can only shoot criminals. It's a completely invalid goal.
And how it is different than asking permission to run it?
Edit: as prompt I thought command-line