There's not a simple way to do that, but it's a common feature request we should implement. I'm sure there is an issue filed somewhere.
go list -mod=readonly -test ./... would probably be good enough to check that we don't need to add new modules. Setting GOPROXY=off disables most requests, but the ?go-get=1 requests for resolving import paths don't go through the proxy, so those would still happen for unknown modules. Edit: resolving import paths actually does go through GOPROXY.
Note that go list -mod=readonly -test ./... will only check that you don't need to add new modules given the build configuration of the environment that ran the command -- it will not flag any new modules that may be required when using different build tags (OS/arch/etc.). I believe that mod tidy -check (or an equivalent) is the only way to definitively guarantee that the go.mod and go.sum are in the proper state for all possible consumers.