Open Source is sometimes described as "anyone can contribute", but that's an oversimplification. Open Source projects always have a gatekeeper or small community of gatekeepers who decide which contributions are actually incorporated into the project and which are rejected as not up to snuff or straight up bad ideas or whatever.
That's what you meant by your first question, right? Not "how do I hide the code of future changes" but "how do I retain control over what code is added to my repo", correct?
Even if you meant it the other way, you could theoretically do that. Open Source one version and then never release any newer versions.
Ah! Yes. No reason why you couldn't. It would require making a new repo, copying the files into the new repo, and committing in one big commit before pushing to gitlab, but yeah. Definitely doable.
(I basically always do this myself. I don't start the Git repo until I want to Open Source it. So when I first Open Source it, it's a "complete" (or at least "minimum-viable-product") project and there's only one commit. Every commit I make and push thereafter is public, but there aren't any from before my first push/publish.)
To me open source means you have access to the source code. You can choose to modify it and let the author know you modified it. It’s up to the author to decide if they want to implement the changes.
The Open Source Iniative has a particular definition of "Open Source" that includes a lot more things than just "the source code is available." I'll admit that there is a certain extent to which the OSI's definiteion is implicit. For instance the OSI wouldn't consider a license that didn't allow recipients to sell the code for profit, but that bit's implicit under "6. No Discrimination Against Fields of Endeavor."
(I should mention that there's nothing in the Open Source definition indicating that Open Source software repositories can't have gatekeepers or anything. That's expected.)
I wouldn't use the term "Open Source" (and I kinda like to capitalize it to make it clear what definition I'm using... though I'm not 100% consistent about it; maybe I should start being so) to refer to any software that didn't meet the OSI's definition. So, for instance, I wouldn't refer to Louis Rossman's Grayjay (which disallows for instance sale and derivative works) or Meta's LLaMa as "Open Source" despite the fact that the source code is publicly available for no charge to anyone who cares to download it. (The term "source available" certainly fits applications like Grayjay and LLaMa's engine, though the term "Open Source" doesn't apply to LLM weights.)
And the distinction's important to me. I don't exclusively run Open Source (or Free/Libre) software, but there are a lot of specific contexts in which I do only use Open Source software. For instance, I don't run any proprietary (by which I mean "non-FLOSS") apps on my smartphone. And Grayjay doesn't count in my book, and until/unless it one day does (or I quit abandon that particular restriction), I wouldn't consider using it on my smart phone.
Your point that Open Source software contributions basically always have to be approved by somebody before the they get into "the" repository (the most canonical one that "everyone" pulls from, though you can totally make your own derivative work and publish it if it's truly Open Source).