Root (user with uid = 0) cannot be limited in anything. From the word at all.
But it is possible and even necessary to prohibit login to the root remotely. In sshd_config:
PermitRootLogin no
In addition, you can disable login in general for everyone, except for the login vasya:
AllowUsers vasya
and that's it. It doesn't matter if they know the password, they don't know the password - they will be sent anyway.

No. It doesn't matter what the root is named, it's a user with UID=0 and will have ALL permissions anyway.
But forbidding him to log in via ssh is easy. Just give him an empty password and that's it.
Just in case, you can double-check in the sshd settings that users with an empty password are not allowed, but by default this should be disabled anyway

Privileges in Linux are set using capabilities. By removing all capabilities, you can make the root user even less privileged than normal.
There are several programs for managing capabilities. You can use the standard capsh.
The following command will start a root shell without any capabilities:

sudo capsh --drop=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read -- -c bash

in /etc/ssh/sshd_config all settings.

In general, here is my mini-manual for you: