Defence in depth is the process of having multiple layers of security just in case one fails. Virtual Machines are an example of Defence in depth, a VM provides an extra layer of security just in case the security of what is running inside the VM fails. Multiple layers of security can slow down or even completely prevent an adversary from compromising your system. When it comes to anonymity layered security is common, Tails for instance uses AppArmor to further restrict Tor Browser just in case it is attacked. Whonix uses VMs to prevent anonymization even in the event that a vulnerability in software such as Tor Browser is exploited.
Defence in depth is not about 100% security, sometimes layers are not needed. If you are trying to use the idea of defence in depth to try to defend against every possible attack under the sun, it's not going to work. An example of unnecessary layers is increasing the length of Tor circuits to 6 relays, there are people that want to do this, and it does not make you more anonymous. An attacker is more likely to attack Tor Browser itself, then do traffic analysis on the Tor network. A general rule is if adding a layer of security is going to have a minimal effect on increasing security, then you probably don't need it. Certain areas and aspects of security need more work than others and genuinely need multiple layers of security, but there are a lot of things that simply don't need it.
For instance when it comes to encryption, many focus on the encryption algorithm, some want to use cascading algorithms but in reality the keys are what need to be protected the most. If a password for encryption is used, the user should focus on using a strong password. As another layer of protection, a strong KDF such as Argon2 should be used. That is much more effective than adding more encryption algorithms. Basically what I am trying to say here is you should be careful on what areas of security you focus on. Things that are more prone to being vulnerable probably should have more layers and more attention, while other things that are established and mathematically difficult to attack don't need those layers. Don't add layers that are redundant that don't actually increase security.