Adding to this:
the boot process takes longer only because of the amount of time Grub needs to decrypt and open the partition(s) / the encrypted container.
This can take a few seconds - maybe even 10s, depending on the power of the CPU - but once that is done, the impact of encryption is not noticeable.
Grub is not optimized to use multiple cores of a CPU - it only uses one.
That is why the process is so slow (… just a few seconds anyway).
You can cut down these initial few seconds by lowering the amount of iterations it will take Grub to open the encrypted container - but that will only save these few seconds on a fresh boot.
The fact that the system is encrypted will not (or only hardly) be noticeable during use.
… with an SSD hard drive I think it is quite a bit unusual to have a boot time of almost 1,5 minutes - for a spinning hdd this is to be expected
especially because Manjaro/Arch is a rolling release
lots of software gets updated pretty often - and that data gets written to different places on the spinning disk,
so: search and access times may suffer
This should not be an issue at all with SSD (non mechanical disks).
I know of no way to do that - someone who is logged in has access (with or without encryption).
You would need to move your data.
As for applications: no way around full encryption.
For your data: yes - but not for restricting someone running applications.
But once the system is up and running (the stuff is already decrypted/open) there is nothing you can do to prevent access through some kind of added encryption.
Stuff needs to be encrypted on the disk
else someone with physical access can just boot a live system or unplug/re-plug the drive - and voila:
there the data is
Not sure what scenario you want to be resilient against …
For me it would be:
my notebook sits there, powered off
in a hotel room - or when it might get stolen
I want to prevent access to whatever is on it.
The answer is: full encryption (or just the contents of $HOME)
I’m even confident to sell my (spinning) hard drive on eBay or whatever
just as it is right now - with everything on it
Someone would need to know my passkey to get access - … that is not going to happen during this lifetime by trial and error … aka:
brute force just will not work