Not sure if C: is the correct location to put SQL files as you are then sharing the disk I/O with the OS.
BUT one way you could do this would be with the windows file permissions. You can allow read/write operations on subfolder1 and subfolder2, but only allow read operations on folder1. This way, if someone tried to restore a database to folder1, they would get a permission denied error. This would affect ALL files in folder1 though, not just newly created ones. So if you had master (for example) in folder1, you would likely get errors starting the instance.
Apart from that, I am not aware of any way to restrict it.