I was thinking the easiest thing to do would be to delete the password sign-in method so that the user can only use Google sign-in (they could still reset their password), but I can't find a method anywhere in the docs that does this?

To delete a sign in provider, you have to do it via the Firebase Auth console. Screenshot

Firebase has also has blocking functions that trigger when a user creates an account but before they're added to Firebase. You could use beforeUserCreated to see if the email is already registered and block creation if it's found.