There is a limitation which may make this simpler for you.
In my experience you cannot control permission access to Parent records by information in the children. That has never worked for me.
I suggest that you allow the Outside vendors to see all Projects in terms of their permission settings, but put up reports for them to view which have filters to limit the projects. Then block that Role's ability to modify reports.
If you have the Permissions such that users can only see their own Company's Tasks, then you can filter the Projects report where the # of Tasks is > 0.