I see what you mean. So your problem is to verify of whether the "hot Electrum" is modified to insert SIGHASH_NONE. What if instead of creating the transaction there, you just copied the destinations and the payout amounts, and created the transaction in your airgapped device? That way, a malware can't have compromised your transaction anyhow unnoticed.
You can also just install a software that checks for your transaction's SIGHASH like Sparrow.
Yes.You can also just find the sighash byte in the raw transaction after the signature, it should be 01, not 02 or some other. But it is better that Electrum does it, not the user.