I think this will work for you, the search pattern has the optional www and redirects using the back reference C:2, the rule has a condition to only run against non https.
This is the pattern:
"^(www\.)?(.*)$"
where:
{C:0} - www.domain.de
{C:1} - www.
{C:2} - domain.de
Here’s the rule in full:
<rewrite>
<rules>
<rule name="SecureRedirect" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{HTTP_HOST}" pattern="^(www\.)?(.*)$" />
</conditions>
<action type="Redirect" url="https://{C:2}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>