I use a deploy key with write access on Github with weblate. This way, I can finely tune whether weblate machine has access or not to a specific repository by adding/removing deploy keys.
It seems however that weblate uses only one private key and is not designed to use deploy keys. What is the recommended way of handling my problem?
On Hosted Weblate we're using separate user on GitHub. This allows you fine grained access control, while using just one ssh key. Also see https://developer.github.com/guides/managing-deploy-keys/#machine-users
But even with deploy keys, you can IMHO add same key to several GitHub projects.