I've been reading about the advantages of monorepos, but haven't yet found a mitigation for the problem of sharing parts of a repo:
Let's say an organization has
How can they give the contractor access to only the relevant client code?
They don't. Confidentiality issues with a full monorepo are simply too important to be mitigated.
And Git itself has no authorization (or authentication for that matter).
Meaning: no native Git feature (submodule or subtree) would be enough on its own.
I usually see an intermediate gate repository, composed of the relevant parts for the contractor to work on, with a synchronization process to import/export the work.
And if that contractor is working remotely, then that extract would be hosted on a separate server, itself managed in a DMZ, and replicated to an external server on the internet, accessed through VPN?
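
A sketch of the export half of the gate-repository synchronization described in the answer above, as an added example that is not code from the question or the answer. It assumes a snapshot export with `git archive` (the answer does not name a mechanism); the function names and the `clients/acme` and `internal/` paths are hypothetical.

```shell
#!/bin/sh
# Added example. Repo layout and names (clients/acme, internal/) are constructed.
set -eu

# Snapshot HEAD:<prefix> of the monorepo into the gate repo as one new commit.
# Only file content under <prefix> crosses over: no monorepo commits and no
# objects from other directories.
export_to_gate() {   # usage: export_to_gate MONO GATE PREFIX
    mono=$1; gate=$2; prefix=$3
    src=$(git -C "$mono" rev-parse --verify -q "HEAD:$prefix") || return 1
    [ -d "$gate/.git" ] || git init -q "$gate"
    # Remove the previous snapshot so upstream deletions propagate.
    git -C "$gate" rm -rq --ignore-unmatch .
    git -C "$gate" clean -fdxq
    git -C "$mono" archive "HEAD:$prefix" | tar -xf - -C "$gate"
    git -C "$gate" add -A
    git -C "$gate" -c user.name=gate-sync -c user.email=gate-sync@example.invalid \
        commit -q --allow-empty -m "Export of $prefix (tree $src)"
}

# Fail closed unless the gate's root tree is exactly the monorepo subtree.
# Git tree ids are content hashes, so equality means nothing extra was exported
# and nothing was dropped (for example by an export-ignore attribute).
verify_gate() {      # usage: verify_gate MONO GATE PREFIX
    want=$(git -C "$1" rev-parse --verify -q "HEAD:$3") || return 1
    got=$(git -C "$2" rev-parse --verify -q 'HEAD^{tree}') || return 1
    [ "$want" = "$got" ]
}

# Constructed sample monorepo: one client directory plus unrelated internal code.
make_demo_monorepo() {   # usage: make_demo_monorepo DIR
    git init -q "$1"
    mkdir -p "$1/clients/acme/src" "$1/internal"
    echo 'print("acme")' > "$1/clients/acme/src/app.py"
    echo 'acme client'   > "$1/clients/acme/README"
    echo 'SECRET=constructed-value' > "$1/internal/billing.env"
    git -C "$1" add -A
    git -C "$1" -c user.name=dev -c user.email=dev@example.invalid commit -q -m init
}
```

Run `verify_gate` after every export and before the gate repo is replicated outward; access control on the gate itself still has to come from the hosting server, since Git provides none.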