You can set the Public group auto trust level.
/g/group_name/manage/membership
If you set it to e.g. 1, then the users in this group will be locked on Trust Level 1. It is useful if you add people automatically to this group when they signed up and they will automatically grant the TL1 (locked). Or if user already registered but under TL1 then they will also reach TL1 (locked) after add them to the group. So they cannot reach higher TLs.
But this process won’t work reverse so if you add a TL1 or higher user to the group they won’t be locked on TL1.
I don’t know about your site category structure but probably you can play with that too… Change trust level permissions to these added groups to ignore TL accessibilities.