Really, the best way would be to modify the incident management workflow. And by "best", I mean that it'd be the cleanest solution. However, I can think of a couple of silly workarounds. They should work, but they aren't pretty.
- Set up a workflow based on the "Send Incident to Workflow" template that stores in a DB table a running list of where this ticket is and has been assigned.
- When a ticket gets assigned, it goes to this workflow.
- In the workflow, it checks to see if the assignment is valid. If so, it goes through just fine. If not, it kicks it back to the queue it came from (based on that DB table).
Option 2 would be more or less the same thing, but instead of a table keeping track, you would just have the workflow look to see who did the reassignment and, based on their group/queue memberships, evaluate if it was acceptable or not.
But really, hacking up the IM workflow would be easier, though not supported, and you'd have to re-implement it on every upgrade. You could just change what queues show up in the drop-down list based on the logged-in user.