Easy and only way, don’t let users install their own plugins.
All software have security issues, therefor all plugins are insecure in one way or another, therefor it is pointless to talk about general “security”, security should be discussed in context, and a plugin having a permission escalation bug is unsafe to use in multi user enviroment, but perfectly ok in a single user setting.
If you want to control the safety of plugins used by your users, the only way is to inspect them yourself (or pay some security service), set them as installed plugins for all sites and let the site owner just activate them while denying the ability to install new ones.