It is best practice to have a dedicated user for Marketo. Not only for permission setup, but also for audit purposes. It's helpful to see that it really was Marketo that edited a certain contact when you're trying to get to the bottom of an issue or bug.
The best way to limit the contacts/leads that sync from SFDC to Pardot is to create a user that can only see the specific records you want to sync, for example using record types.
In order to limit the leads that sync from Marketo to SFDC, you'll want to implement business rules that look for certain data points on the Marketo lead and keep those from syncing.
I agree with Jennifer, you should always try to dedicate a user to just Marketo. Are you out of licenses?
My other question is: why do you not want to sync the records? You never really gave us a reason. Your answer would help us decide how to help.
Since you are talking about preventing a contact sync, this isn't really feasible w/o preventing the Marketo user from seeing certain records. You could add a flag that says "No Sync=TRUE" and then tell Marketo User to ignore those records. This works better for syncing new leads though.
We use a sharing rule in SFDC that only allows certain types of records to be shared with the Marketo Profile. We used a unique license for our Marketo instance, so we were able to use the sharing rule in this manner. Good luck!