These are all interesting questions. Let me see what I can answer for you …
First, I want to correct what appears to be a misconception. You say,
I’d prefer to not have all of my work out on the public domain.
Public domain is a legal concept, one you specifically have to opt into. Simply posting something publicly doesn’t put that content into the “public domain” as a legal concept. If you’re meaning “public domain” as in “anyone on the Internet can see it”, that’s something different. We typically just call that “public”.
Did you know that GitHub offers private repositories as well?
As far as access rights go …
With GitHub, access is typically controlled mostly at the repository level. People would have the ability to read, write, or administrate a repository. But even if they only have the ability to read the repository, they can typically submit a Pull Request … which is a request for you to pull their changes into your repository. So they wouldn’t have access to do anything unless you (or your designees) approved it.
There are multiple security configurations that are designed to enable certain workflows. If you can give more details about the kind of workflow you’re envisioning, perhaps I can point to some more specific documentation.
And finally, just because someone has access to a repository, doesn’t mean that they’ll be able to change everything on the server. You control what gets checked into the repository. Maybe you only put certain directories into various Git repositories that are available via GitHub. It’s really a pretty flexible system.