Without doing real P2P in person or involving a third party to offer guarantees or escrow (and thus not P2P) you cant. Thats not a NOSTR issue persay, and the likes of ebay had the same issues.
For privacy, as the buyer, have physical goods shipped to PO Boxes, drop and forward points, etc that you can get to. These generally dont have to be in the same town or area of which you live. As the seller, you could leverage multiple different nostr personas for products to reduce correlation if thats important. Accepting Bitcoin would be preferred.
Thank you, Vic! Great points, I appreciate the insights. I agree, balancing privacy and security in P2P definitely has its challenges.