Hi Simon,
There's no way to do this currently, without development. AtoM was designed to double as a staff interface for description and arrangement, and a public access catalog - so the assumption was that your site would eventually be public facing. For users who prefer to keep the AtoM site entirely internal, we generally recommend adding HTTP authentication (aka password protection) to the entire site - that way, no one without the proper credentials can access the site (including web crawlers who want to index the site's pages).
I'm curious about your use case - can you tell us more? Specifically, why would you want to let users browse the site but not search? Would you want to disable just the global search box, or all of the dedicated search boxes as well (e.g. the search boxes on the authority records browse page, the terms browse pages, the repository browse page, etc)? Would denying all public access to the site meet your needs?
Cheers,