Easiest way to safely get the equivalent of SUID on a shell script

I have a script in which I need to mount an overlay to give an OCI container access to a mounted read-only directory /nix/store as if it was writable. I would like to have this script be runnable by non-root/non-wheel users, what would be the easiest way? Initially, I naively tried using SUID before I realized that those didn't work, which lead me to a bunch of answers and articles on the dangers of SUID for shell scripts, including one that explained why merely wrapping it around some C program would not fix the security issues regarding non-clean environment. Is there an easy wrapper/utility I can wrap the script in that takes care of such vulnerabilities? From the user environment, I only need one ENV which is just passed to the docker container, however, the root user would have the same ENV variable in their bash session, therefore if a suggestion works by disregarding all the user environment and instead uses the root one, that would be fine for my use case.

local temp_dir=$(mktemp -d)

mkdir -p {$temp_dir/store,$temp_dir/upper-store,$temp_dir/work-store}

# Create Overlay
sudo mount -t overlay overlay \
  -o lowerdir=/nix/store,upperdir=$temp_dir/upper-store,workdir=$temp_dir/work-store $temp_dir/store

# Do some sutff with the mounted overlay

sudo umount $temp_dir/store
rm -rf $temp_dir