No - my previous statement in this regard was not clear in this regard, sorry.
If you use Cryptomator, you won’t be able to access or read the encrypted data through the NextCloud web frontend in any meaningful way.
That’s actually not even really possible, as in this case the user’s web browser would somehow have to decrypt everything on-the-fly, and the data would also need to be decrypted if you want to use server-side online editing functionality like OnlyOffice or Collabora Online/CODE, so you’d immediately lose the advantages of encryption in any case.
I don’t know your requirements, but if you want to use such features, you probably do not actually want E2E encryption.
Users who need to access the encrypted data need to synchronize the data to their local system, where it’s decrypted. In case of the E2E solution integrated into Nextcloud, this should be possible with the NextCloud client directly (but that’s just the feature which doesn’t fully work yet).
Cryptomator just replaces this step with an alternative encryption solution - it takes the encrypted data synchronized by the NextCloud client and provides an unencrypted view to it, so you can use the data with any local applications (PDF readers, MS Word, …)
Yes, together with the NextCloud client.
And also every user has to know the encryption key, so Cryptomator probably would not work for you - you’d have to trust each and every user not only to keep the password safe, but also safely destroy the keyfile she/he used.
So you won’t really have extra security compared to just revoking the user’s access to the directory.
I don’t know your threat model, but you probably need a different solution then.