Container engines like Podman have dozens of hardcoded defaults built into them. These defaults determine many aspects of the functional and nonfunctional behaviors of Podman, such as network and security settings. The Podman developers try to choose defaults that are as secure as possible while still allowing most containers to run successfully. Similarly, I want as much isolation from the host as possible.
The security defaults include which Linux capabilities to use, which SELinux labels to set, and the set of syscalls available to the containers. There are defaults for resource constraints, like memory usage and maximum processes allowed within a container. Other defaults include the local path for storing images, the list of container registries, and even system configuration to allow rootless mode to work. The Podman developers wanted to allow users to have ultimate control over these defaults, so the container engine configuration files provide a mechanism for customizing the way Podman and other container engines run.