E2EE isn't forbidden per se. But if you are a public communication provider over a certain size you need to provide access upon request if technically possible. It isn't really clear even in the case of Tutanota if they fall into that regulation, however, they had to preliminarily comply anyways: https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutano...

Healthcare providers operating a Matrix server won't be communication providers to the public, and if they aren't using a web client or some similar crap, breaking E2EE won't be possible. Webmail providers claiming E2EE like Tutanota are imho liars anyways, because Javascript on a website isn't a secure "end" for the encryption.

So use client software that isn't attacker controlled easily, keep your keys private, only encrypt to trustworthy keys and you'll be fine. Matrix ticks all those boxes if you don't use the web client. And the only legal way in for German law enforcement would be to infect your device with some trojan ("Bundestrojaner", like e.g. NSO Pegasus).

German government IT is far removed from being a monolithic entity. There are a lot of different actors involved with different priorities.

In this case law enforcement can simply request the data (as long as such a request is legal) at either end. No need to attack the connection in between.