If you try to set a read timestamp after preparing a transaction, it is not prohibited (timestamp_transaction is allowed at this stage so the commit timestamp can be set) but fails, and this causes a panic.

This is a silly thing to do and ideally it would be prohibited, since the number of paths that can lead to an application-triggered panic should be minimized, but the API-level infrastructure for prohibiting operations doesn't extend to examining config strings. So I'm not sure what the right approach is.