CafNetMatt
Contributor

Fusion 13 vTPM Confusion

I created a Win11x64 VM under Fusion 12 Player using the, I guess, experimental vTPM configuration.  Worked great for what it was.

I just upgraded to Fusion 13 Player and wanted to adjust the settings to improve VM performance.  After upgrading from Fusion 12 to 13 the VM settings show that it's set to encrypt "All the files" but to change it requires removing the vTPM module from the VM.  When I look at the vTPM configuration it states that "Removing the TPM will destroy all encrypted data on this virtual machine."

I checked the VMware website to figure out exactly what is encrypted and what destroying that data entails and can't find anything. Instructions on how to add or remove the module but that's it.  The community has more info and that is mainly about Fusion 12 right now. Honestly, I'm afraid that if I remove the TPM that my VM will just be wiped out!

Questions:

1. What exactly is encrypted when the VM is set to "All the files"?  I'm not using Bitlocker.

2. What is destroyed when the TPM is removed?  Does it just remove lines from the various .vmx, etc files or does it actually wipe the files out completely?

3. Is there a performance advantage, real world, to changing the VM to just encrypt "Only the files needed to support a TPM"?

4. I made a copy of my Win11 VM.  Just copied the entire .vmware container.  Can I mount this as long as I have the original encryption password?  If not, what's the recommended way to bare metal backup?

It just feels like there is a feature missing.  If you have the encryption password you should be able to change the encryption settings.  It just feels like this is a scorched earth approach to making changes to the VM.


Thanks for any info on this.

Technogeezer
Immortal

I would not think if the Fusion 13 GUI responds with "All the files" as the encryption setting that you used the experimental vTPM implementation of Fusion 12.2. The experimental vTPM could only be enabled by manually editing the .vmx file of the VM - not through the GUI.

I'm going to assume that you did not use the "experimental vTPM" as I attempt to answer your questions. 

>> 1. What exactly is encrypted when the VM is set to "All the files"?  I'm not using Bitlocker.

The .vmx, .nvram, .vms/.vmss (snapshot descriptors, if you have snapshots), .vmem (virtual memory backing file if you've suspended the VM) and all of the .vmdk files are encrypted when the setting is "All the files". This is independent of BitLocker as Fusion's encryption sits between the guest and the files on your host's disk.

Choosing "only the files needed to support vTPM" will encrypt all the above except the actual data contained in .vmdk files. Unlike the "all the files" option, only the vmdk header is encrypted - the contents of a virtual disk (virtual disk-s00x.vmdk files of a sliced virtual disk) are not encrypted.

>> 2. What is destroyed when the TPM is removed?  Does it just remove lines from the various .vmx, etc files or does it actually wipe the files out completely?

Removing the vTPM device alters the .vmx file and removes any items that support the vTPM. That process removes any data that the guest may have stored in the TPM. That would include BitLocker keys if you have configured Bitlocker in the guest. AFAIK nothing gets touched in the virtual disk as the vTPM is viewed as a hardware device to the TPM.

Windows 11 expects to have a TPM. If you've deleted it you should re-enable encryption (with the "only the files needed to support TPM" encryption option) then re-add the TPM device before rebooting a Windows 11 VM.

>> 3. Is there a performance advantage, real world, to changing the VM to just ecrypt "Only the files needed to support a TPM"?

Yes. Encrypting "all the files" means that Fusion will have to use CPU time to encrypt and decrypt every I/O to the virtual disk. That doesn't happen when you choose "only the files to support vTPM".

>> 4. I made a copy of my Win11 VM.  Just copied the entire .vmware container.  Can I mount this as long as I have the original encryption password?  If not, what's the recommended way to bare metal backup?

As long as you have the encryption password you can copy the VM and unlock it. The encryption follows the VM (again, this assumes that you are not using the "experimental vTPM" of Fusion 12.2).

I just ran an experiment. In Fusion 13, I created a Windows 11 VM with all of the files encrypted (including TPM). Installed Windows (no Bitlocker). Shut down Windows, removed the TPM, and decrypted the virtual disk. Then I re-enabled encryption with "only the files needed", and added the vTPM. Windows would boot with no apparent data loss. 

Of course if Bitlocker were enabled, I would expect that I would have been required to provide the Bitlocker recovery key, just as if a TPM device had been corrupted on a real PC.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
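A check worth running on the copied bundle before removing the vTPM from the original, as an added example that is not part of either post and not VMware's own tooling: read the copied .vmx to see whether it is encrypted and carries a vTPM, and walk each plain-text VMDK descriptor to confirm every -s00x slice it references actually made it into the copy. It assumes the standard vmx keys vtpm.present and encryption.keySafe/encryption.data and the usual VMDK descriptor extent lines; the sample bundle below is constructed.

```python
import re

ENCRYPTION_KEYS = ("encryption.keySafe", "encryption.data")
VMX_LINE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')
# Extent lines of a VMDK descriptor, e.g.  RW 4192256 SPARSE "disk-s001.vmdk"
EXTENT_LINE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+\d+\s+\w+\s+"([^"]+)"')

def parse_vmx(text):
    """Key/value pairs of a .vmx. An encrypted .vmx typically keeps only a few
    plain keys (.encoding, displayName, encryption.*); the rest is ciphertext."""
    pairs = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def vmx_status(text):
    """Is this .vmx encrypted, and does it declare a vTPM device?"""
    cfg = parse_vmx(text)
    return {"encrypted": any(k in cfg for k in ENCRYPTION_KEYS),
            "vtpm": cfg.get("vtpm.present", "").upper() == "TRUE"}

def vmdk_extents(text):
    """Slice files a plain-text descriptor points at; [] if the header is
    encrypted, which Fusion does even under 'only the files needed for a TPM'."""
    return [m.group(2) for line in text.splitlines() if (m := EXTENT_LINE.match(line))]

def missing_extents(bundle):
    """bundle maps file name -> text (None for binary slices). Returns slices
    referenced by a readable descriptor that are absent from the copy."""
    missing = []
    for name, text in bundle.items():
        if name.endswith(".vmdk") and text and text.startswith("# Disk DescriptorFile"):
            missing += [e for e in vmdk_extents(text) if e not in bundle]
    return missing

# Constructed sample: plain .vmx with a vTPM, and a two-slice sparse disk whose
# second slice was lost when the .vmwarevm bundle was copied.
SAMPLE_BUNDLE = {
    "Windows 11.vmx": '.encoding = "UTF-8"\nconfig.version = "8"\nvtpm.present = "TRUE"\n',
    "Virtual Disk.vmdk": ('# Disk DescriptorFile\nversion=1\ncreateType="twoGbMaxExtentSparse"\n'
                          'RW 4192256 SPARSE "Virtual Disk-s001.vmdk"\n'
                          'RW 4192256 SPARSE "Virtual Disk-s002.vmdk"\n'),
    "Virtual Disk-s001.vmdk": None,
}
ENCRYPTED_VMX = ('.encoding = "UTF-8"\ndisplayName = "Windows 11"\n'
                 'encryption.keySafe = "vmware:key/list/(constructed)"\nencryption.data = "<ciphertext>"\n')

if __name__ == "__main__":
    print(vmx_status(SAMPLE_BUNDLE["Windows 11.vmx"]), vmx_status(ENCRYPTED_VMX))
    print("missing slices:", missing_extents(SAMPLE_BUNDLE))
```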