For anyone finding this thread later on, as of at least version 14, setting “email as username” and disabling editable usernames does in fact prevent users from changing their email address. The UX for this in the default templates is not great however, it still renders an editable form field but will reject an edit with “Bad Request: readOnlyUsernameMessage”
If you want to make other fields read-only, you might want to check out enabling the Declarative User Profile feature (Server Administration Guide) which allows you to set e.g. firstName and lastName as read-only (but still set on registration). It is important to note that this does NOT work with the “email” field.
If you wish to disable email changing due to the fact that Keycloak does not currently require verification for the new email, watch this PR KEYCLOAK-6455 Ability to require email to be verified before changing by reda-alaoui · Pull Request #7943 · keycloak/keycloak · GitHub