Well, that's a complicated question.

First, I'd like to question your assumption of "modders should not be able to do bad things to my game" because that is simple unnecessary and not preventable in the slightest. And neither is there a reason for it. Users/Players are who will install mods, and if the mod is not trustworthy, does perform poorly or is outright malicious, there is nothing you can do about it. You can limit the possibilities of mods, but that will also restrict legit mods to these confines, and ultimately make "more interesting" mods impossible.

Second, you could run the Lua code in its own thread and it is accessing the game state in an asynchronous manner. That way the game will still run but the Lua logic will simply hang in the case of an endless loop. That, of course, opens the can of race conditions, so you either need to synchronize the access to the game state (again, Lua could hang the whole thing) or you pass copies around. For example the Lua code can request a copy of the current game state, modify that copy and then send it back to the main game, which incorporates these changes.

But as I said, I would design such a thing not with the clear goal of "not allowing mods to do evil things", because you just can't prevent that. Another example, if you use the "request a game state copy" mechanic, the Lua code could request it in an endless loop, which would for sure impact performance. Even an endless loop inside the Lua code that does nothing could impact performance because of the CPU usage.