Yes, I'm on Trellis, Bedrock and Sage. Latest versions, except Sage, which is version 9. From the wordpress-site.conf.j2 file it looks like this is indeed redirecting from http://mysite.com directly to https://www.mysite.com when I have set up my wordpress_sites.yml like this:
However, I am not sure how to change this configuration in order to make this redirect to https before redirecting to www. Also, this is probably a general issue when having HSTS preload enabled and using a subdomain like www as the canonical domain.
Using your configuration above Trellis/ansible generates nginx configuration.
You can check the resulting nginx configuration on the actual server after the playbook has been applied.
There are nginx blocks for redirecting from non-www to www and also one for redirecting from non-https to https. You have to ensure that the block for redirecting from non-https to https takes precedence over the other blocks for that site. To make this permanent, you will have to adjust your Trellis project and change the nginx template.
This seems to improve security - on the other hand it also seems to add a performance penalty, as now two redirects are required in the worst case: one from non-https to https, then one from non-www to www (for example).
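The redirect order discussed in this thread, written out as plain nginx server blocks. This is an added example, not part of the thread and not Trellis's generated template; `example.com` and the certificate paths are placeholders.

```nginx
# Hop 1: plain HTTP is only ever upgraded to HTTPS on the SAME host.
# HSTS preload checks that http://example.com goes to https://example.com,
# not straight to the www host.
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

# Hop 2: the HTTPS apex redirects to the canonical www host.
# The HSTS header must be present on this redirect response as well,
# because the preload check reads it from the base domain.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    return 301 https://www.example.com$request_uri;
}

# Canonical site.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # ... site configuration (root, PHP handling, etc.) ...
}
```

Running `curl -sI http://example.com` and then `curl -sI https://example.com` against the server should show the first `Location` pointing at `https://example.com/` and the second response carrying both the `Strict-Transport-Security` header and a `Location` of `https://www.example.com/`.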