I want all users to be able to view their sudo permissions without entering their password.

Is there any way to allow this without adding ALL ALL=(ALL) NOPASSWD: /usr/bin/sudo -l to /etc/sudoers?

bob@cad50ee0931e:/$ sudo -l

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for bob:
1 Answer

The documentation for the sudoers file (man sudoers) offers these suggestions:

By default, sudo requires that a user authenticate him or herself before running a command. [...] if the NOPASSWD tag is applied to any of the entries for a user on the current host, he or she will be able to run sudo -l without a password. This behavior may be overridden via the [...] listpw options.

and

listpw: This option controls when a password will be required when a user runs sudo with the -l option. It has the following possible values:

  • all - All the user's sudoers entries for the current host must have the NOPASSWD flag set to avoid entering a password
  • always - The user must always enter a password to use the -l option.
  • any - At least one of the user's sudoers entries for the current host must have the NOPASSWD flag set to avoid entering a password.
  • never - The user need never enter a password to use the -l option.

Assuming you want to avoid NOPASSWD, you would set listpw=never:

Defaults listpw=never

Use visudo to edit and check the sudoers file (tip: use EDITOR=nano visudo if you want to use nano to edit the sudoers file instead of vi). Better still, keep another root shell open while you test so that you don't lose access.

Unfortunately, it seems that a bug in sudo, which is fixed in 1.8.28, may ignore the listpw=never setting. In this scenario you must not use listpw=never, but instead create an otherwise meaningless entry such as this:

ALL ALL=(ALL) NOPASSWD: /bin/false

The net result should be that sudo -l will trigger on the "any entry has NOPASSWD" rule and you will achieve your requirement.

  • You are absolutely right. In my case NOPASSWD didn't work if listpw=never was enabled. I'm running sudo 1.8.27 and listpw=never didn't work. Do you know when a corrected sudo is released for Debian, or how to download a corrected version using apt-get? Commented Mar 24, 2020 at 9:35
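The listpw rules quoted in the answer above, modelled as an added example (not sudo's own code): it parses simplified sudoers user-spec lines, applies the NOPASSWD/PASSWD tags per command as sudo does, and reports whether `sudo -l` would prompt under each listpw value. The sample entries for user bob are constructed; the workaround line is the one from the answer.

```python
import re

# Added example (not sudo's own code): a model of the listpw decision from
# man sudoers. It answers "does `sudo -l` prompt for a password?" for the
# user-spec lines that match a user on the current host. Sudo applies the
# NOPASSWD/PASSWD tags per command, and a tag persists across a comma-
# separated command list until changed, so the check is per command, not
# per line. The model follows the documented behaviour, not the bug in
# sudo releases before 1.8.28 mentioned in the answer.

TAG = re.compile(r"([A-Z_]+):\s*")          # NOPASSWD:, PASSWD:, SETENV:, ...
RUNAS = re.compile(r"^\s*\([^)]*\)\s*")    # optional (runas) specification

def cmnd_specs(line):
    """Yield (nopasswd, command) for each command in one user-spec line."""
    _, rhs = line.split("=", 1)             # "user host=" ... "(runas) cmds"
    nopasswd = False                        # sudo's default is PASSWD:
    for spec in rhs.split(","):
        spec = RUNAS.sub("", spec.strip())
        while (m := TAG.match(spec)):
            if m.group(1) == "NOPASSWD":
                nopasswd = True
            elif m.group(1) == "PASSWD":
                nopasswd = False            # other tags do not affect listpw
            spec = spec[m.end():]
        yield nopasswd, spec.strip()

def list_needs_password(entries, listpw="any"):
    """Apply the listpw policy (default 'any') to the user's entries."""
    flags = [nopw for line in entries for nopw, _ in cmnd_specs(line)]
    if listpw == "never":
        return False
    if listpw == "always":
        return True
    if listpw == "any":                     # one NOPASSWD command is enough
        return not any(flags)
    if listpw == "all":                     # every command must be NOPASSWD
        return not (flags and all(flags))
    raise ValueError(f"unknown listpw value: {listpw}")

# Constructed sample: bob may run apt-get with a password; the second line
# is the workaround entry from the answer above.
BOB = ["bob ALL=(ALL) /usr/bin/apt-get"]
WORKAROUND = "ALL ALL=(ALL) NOPASSWD: /bin/false"

if __name__ == "__main__":
    print("default     :", list_needs_password(BOB))                 # True
    print("listpw=never:", list_needs_password(BOB, "never"))        # False
    print("workaround  :", list_needs_password(BOB + [WORKAROUND]))  # False
```

Note that with listpw=all the /bin/false workaround does not help, because bob's apt-get entry still lacks NOPASSWD; only the default listpw=any makes the dummy entry sufficient.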
