Ok, this one is going to be controversial, but hear me out. There's a lot of complicated programming contained within any Drupal site, but unless you've done something wrong it all plugs into Drupal's administrative interface, which can be operated by any reasonably tech-literate person. There is no reason the people who operate the administrative interface need to be experts in the arcane details of Drupal programming. While you need programmers to write the modules and themes, you don't need them to install the components for you -- you can, and should, take care of that yourself.
Of course, the programmers need to have copies of the site, in order to be able to write the modules, themes, libraries, patches, and other assorted bits of code that are needed to create a fully-finished site. Of course they'll need copies of the code and (appropriately sanitized) database. They might even need to have access to an online dev environment to develop and test integrations. But unless you have a very unusual situation, they do not actually need access to the production environment. Don't just deploy a zillion Git commits, where nobody except for the programmer has any idea what's going on. If they're writing modules, have them give you the modules -- via email, if necessary.
It's a HUGE advantage to have somebody install the modules and themes other than the person who wrote them. It ensures that the installation procedure is clear, well-understood, and documented. It encourages transparency among the team, so that everybody understands what everybody else is doing. And it increases the number of eyes on each step, without actually slowing things down and making it harder.
Take control of your site.