In general, the table mentions the related settings. For example, if you don’t want them to be able to edit all posts, you can remove them from the edit all post groups site setting.
But I don’t think it’s possible to prevent them from for example closing topics. Since you manually promote those users, can’t you trust them enough so they won’t do something if you tell them not to do it?
What is the reason why you want them to be trust level 4?