I'd like to allow users to create databases for which only they have access. The application would be able to access it only if they are connected and provide some sort of authorization via public/private key mechanisms. Is there a common way to handle database security when dealing with sensitive data?
You can restrict each user's access to their home database. You can set a home database in their user profile so they are directed to query that database.
https://neo4j.com/docs/cypher-manual/current/access-control/
You can also have them share a database and setup an access structure so they only have access to nodes with specific labels, which would created to indicate ownership.