Restrict hardware information to root

I was under the impression that you couldn’t change the file permissions directly, but I just tested it and it does work without overmounting.

In that case, we can just do chmod og-rwx -R /sys. Not only would this hide a whole load of hardware information, it would also prevent a bunch of security vulnerabilities as sysfs and debugfs add a lot of attack surface.

As per Grsecurity/Appendix/Grsecurity and PaX Configuration Options (Wikibooks), we can whitelist /sys/devices/system/cpu.

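The restriction and whitelist discussed in the post, as an added example that is not part of the original post or of any project's code. It generalizes to any root and several whitelisted subpaths, keeps the whitelist's parent directories search-only so the path stays reachable, and runs against a constructed mock tree; `restrict_tree`, `mode_of` and `make_mock_sysfs` are hypothetical names, and subpaths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the original post. Names are illustrative.

# restrict_tree ROOT [SUBPATH...]
# Strip group/other access below ROOT, except for whitelisted SUBPATHs
# (relative to ROOT; assumed to contain no whitespace or glob characters).
restrict_tree() {
    root=${1%/}; shift
    keep_list="$*"
    set --
    for keep in $keep_list; do
        # Prune whitelisted subtrees so their original modes are untouched.
        set -- "$@" -path "$root/$keep" -prune -o
    done
    # Skip symlinks: chmod follows them, and sysfs links such as
    # bus/cpu/devices/cpu0 point back into the whitelisted subtree.
    find "$root" "$@" ! -type l -exec chmod og-rwx {} + || return 1
    for keep in $keep_list; do
        # Ancestors get search (x) only: reachable by path, not listable.
        dir=$(dirname "$root/$keep")
        while :; do
            chmod og+x "$dir" || return 1
            case $dir in "$root"|/|.) break ;; esac
            dir=$(dirname "$dir")
        done
    done
}

# mode_of PATH: print the ten-character mode string, e.g. drwx--x--x
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed mock tree standing in for /sys, so no privileges are needed.
make_mock_sysfs() {
    m=$(mktemp -d) || return 1
    mkdir -p "$m/devices/system/cpu/cpu0" "$m/class/dmi/id" "$m/bus/cpu/devices"
    echo 0 > "$m/devices/system/cpu/online"
    echo constructed-serial > "$m/class/dmi/id/product_serial"
    ln -s ../../../devices/system/cpu/cpu0 "$m/bus/cpu/devices/cpu0"
    chmod -R u=rwX,go=rX "$m"
    echo "$m"
}

demo=$(make_mock_sysfs)
restrict_tree "$demo" devices/system/cpu
for p in devices devices/system/cpu class/dmi/id/product_serial; do
    printf '%s  /sys/%s\n' "$(mode_of "$demo/$p")" "$p"
done
rm -rf "$demo"
```

On a real system the call would be `restrict_tree /sys devices/system/cpu` as root. sysfs is rebuilt at every boot, so the modes have to be reapplied at startup.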