If this person needs schema access to do their job, then you're only option is Full Access. There's nothing you can do to stop them at that point. If the file(s) are hosted and the developer doesn't have access to FileMaker Server and the server's OS, then at least they can't just download it. However, with Full Access, someone can easily copy your data, tables, layouts and scripts separately in order to recreate it later on.
The most powerful tool you can use to protect yourself is to use a reputable firm that has a history of serving other clients. Our developers sometimes sign non-disclosure agreements if clients request it. We also carry insurance that protects our clients as well. Choose a development firm that offers this and more if you're concerned.
If you are hosting file from server, you need not grant access to the server admin console nor the actual server machine--which would be needed to either download a copy or grab a back up copy.
You can use encryption at rest to encrypt the file. The file on the server will still be one that can be opened and reviewed, but any physical copy cannot be opened without using the encryption key.
But this only prevents copying the file. A full access user cannot be prevented from copying out specific features--such as scripts or custom functions.
leave an indelible trace in the file in order to prove that I developed the solution in case this person make a copy
Having a timestamped backup of the solution prior to giving it out should prove that before anything you owned it.
Everything else is a waste of time: if you have to give the admin pw to somebody and he knows what he's doing (using FMPA+admin pw) then you're screwed.
Depending on the nature of the review, perhaps you can just run a BaseElements analysis on it and provide that. Obviously that too wouldn't prevent someone from copying and pasting bits of the schema and scripts.