There is no option to prevent a role from committing to the Mendix teamserver.
Understand your wish though.
What I would do is to create a branchline which is used by testers. So that if they would commit, it is isolated.
Secondly, what kind of test are they running? If it is just frontend testing, they dont need model access. Deployment to acceptance and granting them access to the app on acceptance would be sufficient.
Third, if you want to perform unit tests and such, I advise to look into Menditect.