A user with the System Administrator role will always be able to create a new instance of any entity, regardless of whether it is managed or not.
Even if you write a plugin to stop the creation of certain entities, a System Administrator could just disable it...
The typical approach is to include in your solution a security role that restricts creation of certain entities, and recommend that the admins give that role to the non-admin users.
Beyond that you could think about sending an alert email if a user creates a new record of the entities you're trying to prevent new instances of (which again, a sys admin could deactivate).