All your troubles would be solved if you simply locked down master and only allowed pull requests with limited merge options like fastforward and squash.
I work at a small shop with 6 devs. We do this. No issues.
We did this at one point, but at the scale we work at (our GitLab has 671 projects, about 150 of which have been worked on in the last 4 months), that kind of lock down creates a major bottleneck for updating projects unfortunately. We had to disable it shortly after starting it because it was simply too much to manage with our current workforce. It's too much extra work for us compared to just saying "use a GUI", which has had a great success rate so far.