In order to listen (and forward) all network traffic you need privileges over the network namespace that you want to forward packets for. In most cases this ends up with you running as root. You can use proxies but that defeats the point of a VPN -- that all traffic is forwarded.
But as I mentioned, WireGuard should really be the least of your problems (not to mention that there are userspace WireGuard implementations).