We already have Pants installing Java and Scala for you iirc, along with Protoc, Shellcheck, etc
I think the main places we leak out are:
• discovering Python
• discovering Bash to run some internal scripts
• discovering unzip, zip, and tar to unpack and pack archive files
• discovering Docker
• when building a PEX, we default to the PATH being available because of sdists needing to be compiled