2.) I have disabled every usage of TLS or SSL at our Wildfireserver, but the CM is still using TLS Encryption for Client Connections
3.) Connections between CM and Wildfire Server seems to be always encrypted, too.
We really need to setup unencrypted connections to the connection manager, which seems to be not possible atm, or is there any hidden (and working) config file entry?
You need to set the system property xmpp.multiplex.tls.policy to define the TLS policy to use. Possible values are: required, optional and disabled. Restart the server for the new setting to take effect. So if you use disabled then connection between CMs and Wildfire will not be encrypted.
You can use the Security Settings menu item in the admin console to define how clients should connect to the server. You can disable TLS from there but remember to restart the CMs to the change to take effect. The next CM release will not require to be restarted.