Currently possible:
1) you can have each team define their model as a schema file, but you'll need to have a custom process for combining them (for now; we have a proposal to provide tooling for this)
2)
https://github.com/authzed/action-spicedb-validate can be used to validate the combined schema in GitHub Action
3) restriction you can do via OWNERS
4) Once they are all combined, everyone will be able to access all the permissions
5) Restrict who can query is coming as a paid feature this year on SpiceDB Dedicated and SpiceDB Enterprise