You can combine ssh with multiple users to provide repo-level permissions (not branch level). You use standard linux permissions to enable deploy keys. You would also use git-shell on the read only ssh accounts for the deploy-keys. Without writing a new shell you wouldn't be able to do branch level protection.
Do you have a reference for such a barebones git setup anywhere? I’d love to get rid of Gitea currently in use for the team and replace it with simple Git + SSH. We don’t need branch level access control.
Last I checked, I gave up after try to set up keys for each user into a ‘git’ user in the VM running git. Any guidance here would be of great help.