There is no need for rEFInd to do anything differently - or to implement the decryption itself. The trick appears to be that your /boot has to be the ESP - initramfs can ask for the password if correctly generated for this setup. It sounds more than a bit convoluted to set up though! Especially trying to get the installer to put things where you want them.
One way to get there apparently involves making a temp partition to hold /boot, mounting the ESP as /boot/efi (for now), the temp /boot partition as /boot, and the rest as in your setup. After booting, do NOT restart. You will be copying vmlinuz-linux and initramfs over to the ESP, chrooting into your new setup to regenerate initramfs, redoing fstab to point to the right things, dumping the temp /boot partition etc.
If trying this - PLEASE do it on a VM, and have it working (reliably!) before trying on the metal! Actually - if I was trying it, I would probably try it from an Arch base install rather than a Calamares install - but that may just be me (and liking having arch-chroot to keep it simpler).
There are walkthroughs in existence, but they all need mods to match what you’re trying, so knowledge is essential! The payoff, though, would be a rare and secure setup indeed - easily booted with rEFInd, and multi-boot capable as well.
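A pre-reboot sanity check for the layout described in the post above, as an added example that is not part of the original post. It assumes an Arch-style system that builds its initramfs with mkinitcpio (the `encrypt`/`sd-encrypt` hooks); `check_layout` and `make_sample` are hypothetical helper names, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the post). Assumes mkinitcpio; all paths are
# supplied by the caller, e.g. files under the chroot of the new install.
# Usage: check_layout <fstab> <mkinitcpio.conf> <dir that will be /boot>
# Prints each problem found and returns the number of problems (0 = OK).
check_layout() {
    local fstab=$1 conf=$2 bootdir=$3 problems=0 hooks h i=0 enc=-1 fs=-1
    # fstab columns: device, mount point, fs type, options, dump, pass.
    # 1. /boot must be the ESP itself, which means a FAT filesystem.
    if ! awk '$1 !~ /^#/ && $2 == "/boot" && $3 == "vfat" {ok=1} END {exit !ok}' "$fstab"; then
        echo "fstab: /boot is not a vfat (ESP) mount"; problems=$((problems + 1))
    fi
    # 2. The temporary install-time layout (ESP at /boot/efi) must be gone.
    if awk '$1 !~ /^#/ && $2 == "/boot/efi" {hit=1} END {exit !hit}' "$fstab"; then
        echo "fstab: leftover /boot/efi entry"; problems=$((problems + 1))
    fi
    # 3. The initramfs needs an encrypt hook, ordered before "filesystems",
    #    so the volume is unlocked before root is mounted.
    hooks=$(sed -n 's/^HOOKS=[("]*\([^)"]*\).*/\1/p' "$conf" | tail -n 1)
    for h in $hooks; do
        case $h in
            encrypt|sd-encrypt) enc=$i ;;
            filesystems) fs=$i ;;
        esac
        i=$((i + 1))
    done
    if [ "$enc" -lt 0 ]; then
        echo "mkinitcpio: no encrypt/sd-encrypt hook"; problems=$((problems + 1))
    elif [ "$fs" -ge 0 ] && [ "$enc" -gt "$fs" ]; then
        echo "mkinitcpio: encrypt hook comes after filesystems"; problems=$((problems + 1))
    fi
    # 4. Kernel and initramfs must have been copied onto the ESP.
    [ -f "$bootdir/vmlinuz-linux" ] || { echo "boot: vmlinuz-linux missing"; problems=$((problems + 1)); }
    ls "$bootdir"/initramfs*.img >/dev/null 2>&1 || { echo "boot: no initramfs image"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample of a finished migration (the UUID is a placeholder).
make_sample() {
    mkdir -p "$1/boot"
    printf '%s\n' 'UUID=AAAA-BBBB /boot vfat umask=0077 0 2' \
        '/dev/mapper/cryptroot / ext4 defaults 0 1' > "$1/fstab"
    echo 'HOOKS=(base udev autodetect keyboard block encrypt filesystems fsck)' > "$1/mkinitcpio.conf"
    : > "$1/boot/vmlinuz-linux"; : > "$1/boot/initramfs-linux.img"
}

tmp=$(mktemp -d); make_sample "$tmp"
if check_layout "$tmp/fstab" "$tmp/mkinitcpio.conf" "$tmp/boot"; then echo "layout OK"; fi
```

Run it against the new system's files while still in the live session or chroot, before the first reboot.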