Thank you for your answers!
Disk-level encryption is recommended for encryption-at-rest. Because admins have the key, they can read anything in the database, including direct messages, which is similar to how email works if you self-host it.
There’s a feature idea for allowing end users to encrypt their messages so admins can’t read them.
Please consider upvoting it if it’s a feature you’d like to see.
As an admin in an enterprise setup, I wouldn’t mind this functionality as long as the admin can disallow this in the settings.
Obviously, it would only apply to private messages sent after the option became activated. And users would need to be informed that their messages won’t be encrypted before sending their first message, to balance the needs of the enterprise with the privacy expectations of the users.