After trying several things I gathered from around the internet, I found the 3 minimal steps that limit the security-related changes to the embeddable LiveViews only:
1. Separate LiveView Socket.
2. Separate Router Pipeline replacing x-frame-options HTTP header with a restrictive CSP.
3. Separate layout for embeddable LiveViews independent from session-based assigns.
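
How the three steps can fit together in a Phoenix application, as an added example that is not the post's own code. `MyAppWeb`, `EmbedLive`, the `:embed` layout, the `/embed` paths, the session options and the origin `https://partner.example` are assumed names, and the session-less second socket is an assumption about what "separate" means here.

```elixir
# Added illustration, not the post's code. All MyApp* names, paths and the
# partner origin are assumptions made for this example.

defmodule MyAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :my_app

  @session_options [store: :cookie, key: "_my_app_key", signing_salt: "CHANGE_ME"]

  # Default socket: LiveViews connecting here receive the cookie session.
  socket "/live", Phoenix.LiveView.Socket,
    websocket: [connect_info: [session: @session_options]]

  # Step 1: second socket for embedded LiveViews. Assumption: it requests no
  # session, so it does not depend on a cookie being sent inside the frame.
  socket "/embed/live", Phoenix.LiveView.Socket, websocket: true, longpoll: false

  plug Plug.Session, @session_options
  plug MyAppWeb.Router
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :embed do
    plug :accepts, ["html"]
    # Step 3: root layout that reads no session-based assigns.
    plug :put_root_layout, html: {MyAppWeb.Layouts, :embed}
    plug :put_secure_browser_headers
    # Step 2: runs after the default headers are set, so it can replace them.
    plug :allow_framing_by_partner
  end

  scope "/embed", MyAppWeb do
    pipe_through :embed
    live "/widget", EmbedLive
  end

  # Drop x-frame-options and name the only origin allowed to frame the page.
  # put_resp_header/3 overwrites any content-security-policy set earlier.
  defp allow_framing_by_partner(conn, _opts) do
    conn
    |> delete_resp_header("x-frame-options")
    |> put_resp_header("content-security-policy", "frame-ancestors https://partner.example")
  end
end
```

The JavaScript loaded by the embed layout has to construct its `LiveSocket` with `"/embed/live"` instead of `"/live"`. Every route outside the `:embed` pipeline keeps the default framing headers.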