After upvoting kotekzot's answer and jet's comment here is the ultimate solution: buy a plain-old front-rack. Sorry, since shopping recommendations are forbidden I won't suggest you a specific brand.

Simply mount the system disk in the rack and swap at necessity. Since these things are cheap, you should consider buying two twin racks, because every model requires you to mount the disk in its unique enclosure that can be extracted at any time. So if you have a single rack and two enclosures you can swap disks at any time. Obviously be aware that if there are any other disks mounted on your desktop the OS has full access (super user principle) to all of them.

To run Windows in a way that it cannot access Linux partitions even after being infected by the worst malware ever, an alternate would be virtualizing, but obviously you won't get direct access to video card and gaming performance.

I have almost the same problem (Hackintosh + Windows). The solution I found was installing another disk controller. These can be cheap ($30) or expensive (real RAID / SAS card on PCIe bus).

To the point:

1. Install Windows on its own disk. The motherboard SATA ports are good for this. (Leave the other controller plugged in.)
2. After Windows has been installed, disable (or don't install the driver) for the controller. Better: both. If the Windows kernel can't access the controller, it will not access the drive in there. This is much safer than disabling the disk in Windows.
3. Remove the Windows disk. (Against accidental deletion when installing other OSes.)
4. Install the other OS (Linux or whatever) on a disk on the controller. As *nix systems will not destroy other fs/disks on their own, no need to do anything here.
5. Plug the Windows disk back in (same motherboard port you took it out of).
6. Configure Grub to dual-boot.

In this configuration, you can access the Windows installation from *nix system, but Windows can't access anything that's on the controller.

That should be all.

the kernel will always have raw access to the disk controllers and so to the disks.
And so be able to damage the other OS by destroying partitions.
While some disabling in the bios might hide the disks from the OS (this was possible on old ATA controllers but i doubt this is possible on SATA).

so the short answer is no it is not possible on the level you want.

if you have easy physical access to the hardware, unplugging the data cables from the HDDs you don't wish to be accessible would be the simplest and most reliable solution. I am not aware of any virtualisation products that would suit your needs, and disabling a drive in the bootloader doesn't guarantee it will be unavailable to the OS. You could try disabling them in BIOS, but again, no guarantees it will stick.

Disable the device itself, I dont think many viruses would think anyone has driver disabled one of the drives.
Un-Mount the device, Hidden the partiton, all seem like viable options on either system, until virus makers get wind of it as a thing to do , then they will make arrangement to adjust thier crapware.

"carts" cartraging a drive in a bay enclosure , the connections on some of them are robust, connecting and disconneting a SATA (over and over again) on the actual drive, would not be so robust, but most cart systems the re-connecting is done between the frame and the cart, those parts being cheaper to replace than the drive.

I have tried the power off method with PATA, and it didnt work well at all, I have not yet tried it with SATA, but it brings back memories of the whole system freaking out when the power to the drive stopped. And removing only the 12V (the motor power) the system would still see the HD controller board, and lockups at startup or during run. Need to try that again.

Security and Protection? Because virus can do things even with all the secuity and protection, the "type" that would be desired would be some strange lesser used stuff, not a common system protection method, that would be a known. Anything done manually by a user might be more secure than known security.

After the main and important data drive is disconnected, that would still leave, having a Image backup of the sacrificial System drive and MBR, so it can be returned to a previous state. Having a couple of images as things are added, for that virus type that takes its time , slyly hiding in wait for a few days so it is not noticed. Having those backup images on a removed drive, or passed over to another computer (or even the cloud).

I Googled this recently, and thought I'd share my solution. If your windows is a Pro or better version:

install Windows and make sure dual boot works

go into Group Policy and block driver installation for disk drives (you will need to get the GUID for the driver class from Device Manager)

Go into Device manager and uninstall the drives you do not want accessed.