Because of how the Git internals and protocol work, I believe this feature would be very challenging to implement in Git. For example, the Git documentation for “git-fetch” discourages this (and outlines two protocol-level attacks):
> The fetch and push protocols are not designed to prevent one side from stealing data from the other repository that was not intended to be shared. If you have private data that you need to protect from a malicious peer, your best option is to store it in another repository. This applies to both clients and servers. In particular, namespaces on a server are not effective for read access control; you should only grant read access to a namespace to clients that you would trust with read access to the entire repository.
If you want to give a set of users read-only access to a subset of branches, you can configure a second repository in Phabricator which observes the first repository, but uses “Fetch Only” to restrict which refs are fetched. Then, give the limited-access users access to this second repository. Because the second repository will never contain the privileged objects, protocol-level attacks on git fetch will fail.
However, this won’t work if you also want to let them write to the repository.
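
The effect of the restricted mirror described above can be checked with plain git. This is an added example, not part of the original answer and not Phabricator's own code: a fixed refspec stands in for the “Fetch Only” setting, and the branch names (`public`, `secret`), paths and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a mirror that fetches only an allow-listed ref never
# receives objects reachable solely from other branches.
# Branch names, paths and helper names are constructed for this demo.

build_mirror_demo() {
    work=$(mktemp -d) || return 1
    # Throwaway identity so commits work without any global git config.
    GIT_AUTHOR_NAME=demo; GIT_AUTHOR_EMAIL=demo@example.invalid
    GIT_COMMITTER_NAME=demo; GIT_COMMITTER_EMAIL=demo@example.invalid
    export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
    (
        git init -q "$work/primary" && cd "$work/primary" &&
        git checkout -q -b public &&
        echo shared > README && git add README &&
        git commit -q -m "public commit" &&
        git checkout -q -b secret &&
        echo privileged > secret.txt && git add secret.txt &&
        git commit -q -m "secret commit" &&
        # The mirror observes the primary but fetches one ref only.
        git init -q --bare "$work/mirror" &&
        git -C "$work/mirror" fetch -q "$work/primary" \
            '+refs/heads/public:refs/heads/public'
    ) >/dev/null || return 1
    echo "$work"
}

# Succeeds only if the object id ($2) exists in the repository at $1.
mirror_has_object() {
    git -C "$1" cat-file -e "$2" 2>/dev/null
}

work=$(build_mirror_demo) || exit 1
public_id=$(git -C "$work/primary" rev-parse public)
secret_id=$(git -C "$work/primary" rev-parse secret)
secret_blob=$(git -C "$work/primary" rev-parse secret:secret.txt)

mirror_has_object "$work/mirror" "$public_id" && echo "public commit: present"
mirror_has_object "$work/mirror" "$secret_id" || echo "secret commit: absent"
mirror_has_object "$work/mirror" "$secret_blob" || echo "secret blob: absent"
rm -rf "$work"
```

Readers of the mirror cannot request the secret commit or blob by id because those objects were never transferred, which is the property the second repository relies on.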