Encrypted Contact offers your website visitors a tool to protect their messages before they are sent to the website's owner via email.
Yes, because the software relies on the operation system capabilities of Linux to work securely. It also requires an installation of GnuPG on the server, which is usually present already.
Not necessarily. But you have to trust the system administrators, because the encryption is done on the server and can be intercepted there. In order to perform the installation you need a safe place for the encryption key(s), which is located outside the web server tree. The default installation assumes that you use the directory "/home/gpg" for this purpose. You need to ask your system administrator to create this directory for you and to make it writeable for the web server process only. That means, if you cannot use a safe place for your encryption keys with restrictive access permissions, your encryption will refuse to work. This is not a bug but a desired performance of Encrypted Contact.
Once your server's sysadmin has created such a directory for you, and its name matches the setting for $GPGDIR in the file "gpgconfig.php", then all key management can be done via the admin panel without any further help from the sysadmin.
If you like to read more about the desirable server environment for encryption, have a look at [this article] (https://senderek.ie/articles/what-is-a-secure-server.php).
Because, if you don't you trick your website visitors into entering confidential messages into a form that transfers these messages insecurely, i.e. unencrypted to your server. And your website visitors will not even be sure their messages will arrive a the server you call yours. Under these circumstances it is pointless to encrypt something on the server that has arrived insecurely. Encrypted Contact will check, if the message has arrived via https, and it will refuse to work, if not.
HTTPS is a basic requirement, if you are serious about the security of your website.