1. If an address has not sent any transaction, will the public key not be disclosed?
It depends on the address or output type. There is only one address type that uses public key directly and that is the new P2TR address that uses the tweaked public key. Other addresses are using hash of the public key and since hash is irreversible we can not know the public key.
However, there are outputs scripts that can use the public key directly (they don't have any address defined). Like P2PK or P2MS outputs or anything similar that uses public keys.
2. Does the real public key of this address only exist in the wallet.dat?
It depends on the client that create the wallet file and the type of the wallet.
For example a watch only wallet that only received the address to watch will not have the public key but a wallet that was created from a private key or deterministic wallet created from a seed will have both private and the public key in addition to the script type of the addresses created by that wallet.
3. If i have the real public key from this wallet.dat, can it prove that the wallet is true rather than a tampered fake wallet file?
Because no transaction has been sent, there is no public key on the public chain.
If you have created the wallet file yourself then you already know that it is the real thing but if you have bought it or found it somewhere then you should be sure that it is a fake thing possibly containing malware.