You can insert these 2 rules:
RewriteEngine On
# force https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# force www for main site
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# remove www for app site
RewriteCond %{HTTP_HOST} ^www\.(app\.domain\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{THE_REQUEST} \s/+app[/\s] [NC]
RewriteRule ^ / [R=301,L]
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteCond %{REQUEST_URI} !^/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /app/$1
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteRule ^(/)?$ app/index.php [L]