Sorry, but this issue is not solved.
This is a tremendous security issue! Especially since GitHub is promoting the idea of machine users for servers which need to access multiple private repositories, it makes sense to allow for collaborators to be read-only. As the documentation says as a PRO: “Anyone with access to the repository and server has the ability to deploy the project.” -> meaning anyone with access to the machine user account or the server can deploy and break all other servers (yes, we live in a world with cloud computers where we may have multiple instances running at the same time, accessing the same repos).
Clone, fork, fine but not push. That should be read-only by default for any collaborator!