I think you’ll find the more important .htaccess file is in your public folder. So you can probably leave the .htaccess file in your project root untouched, and add the directives your host gave you to the top of your /public/.htaccess file.
Putting the rules at the beginning of public/.htaccess didn’t work. To get it working, I added the rules directly before the last SilverStripe rewrite rules.
# Force HTTPS Rules
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# Process through SilverStripe if no file with the requested name exists.
# Pass through the original path as a query parameter, and retain the existing parameters.
# Try finding framework in the vendor folder first
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* index.php
Because this happens at the server-level, making it more efficient, so you aren’t having to load the PHP interpreter, load the SilverStripe framework, etc. just to redirect the user to the secure version.