VLAN for every single computer will be a headache :-)
I believe you need PVLAN not VLAN, it will isolate layer 2 and interfaces will not be able to communicate with each other (except uplink & trunk ports of course). Could you please review following links, if you need more specific reference, let me know please.
From the Juniper's website
Private VLANs (PVLANs) take this concept a step further by limiting communication within a VLAN. PVLANs accomplish this by restricting traffic flows through their member switch ports (which are called private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN.
If you have available resource on your devices, I believe this will not effect performance significantly.
As the last words, yes isolation is a important topic but end point security have many todos so please be sure you considered your antivirus policy, patch management, account permission hardenings, doormant user reviews, etc. :-) If you don't have end point protection solution (for example), eventually this clients will be able to access to somewhere. You will isolate this client computers to communicate with each other but eventually they will talk with printer server or web server... :-)