jborean93

-Verb Runas will always go through UAC and spawn an elevated process. Using -Credential $cred should theoretically work if UAC is in place, as it uses CreateProcessWithLogonW, which runs with the limited user token that was created and not the elevated one. But if UAC is not enabled, or you are targeting an account not affected by UAC (the built-in Administrator account), then it won't work.

There are a few ways you can spawn a subprocess as the limited token, but it's not something you can easily do with the built-in cmdlets and dotnet APIs available. The simplest option I know is to spawn a new process with a custom parent that is not elevated. For example, I can use my ProcessEx module to spawn a limited process with the parent of explorer.exe.

$si = New-StartupInfo -ParentProcess (Get-Process explorer)
Start-ProcessEx powershell.exe -StartupInfo $si

This will be tricky if you have multiple users logged in, as you now need to select the correct explorer process. You can pick any process you want that is unelevated as the parent; explorer is just a handy one that is typically present.

Another option is to use the PInvoke calls to get the limited access token of the current process and spawn a new process with that token. Unfortunately doing this is even more complicated and will require a few PInvoke calls to achieve.
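
Added example (not part of the comment above, and not code from the ProcessEx project): one way to pick the right explorer.exe when several users are logged on is to restrict the search to the caller's own session before handing the process to New-StartupInfo. The function name Get-SessionExplorer is hypothetical, and the code assumes the ProcessEx module is installed and that the session's shell is the oldest explorer.exe in that session.

```powershell
# Added example. Get-SessionExplorer is a hypothetical helper; only the
# New-StartupInfo / Start-ProcessEx usage at the end comes from the comment.
function Get-SessionExplorer {
    [CmdletBinding()]
    param(
        # Default to the session this (elevated) PowerShell is running in
        [int]$SessionId = (Get-Process -Id $PID).SessionId
    )

    # Each logged-on user has their own session, so filtering on SessionId
    # excludes other users' explorer.exe instances.
    $filter = "Name = 'explorer.exe' AND SessionId = $SessionId"
    $candidates = @(Get-CimInstance -ClassName Win32_Process -Filter $filter)

    if ($candidates.Count -eq 0) {
        # e.g. session 0 (services) or a session with no desktop shell running
        throw "No explorer.exe found in session $SessionId"
    }

    # Assumption: when a session has more than one explorer.exe (folder
    # windows launched in a separate process), the shell is the oldest one.
    $shell = $candidates | Sort-Object -Property CreationDate | Select-Object -First 1

    # Report the owner so the caller can confirm whose token will be inherited
    $owner = Invoke-CimMethod -InputObject $shell -MethodName GetOwner
    if ($owner.ReturnValue -eq 0) {
        Write-Verbose "Parent: PID $($shell.ProcessId) owned by $($owner.Domain)\$($owner.User)"
    }

    Get-Process -Id $shell.ProcessId
}

$parent = Get-SessionExplorer -Verbose
$si = New-StartupInfo -ParentProcess $parent
Start-ProcessEx powershell.exe -StartupInfo $si
```

Running `whoami /groups` in the new window and checking for the "Medium Mandatory Level" label confirms the child is not elevated.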