(Hypothetically) wouldn't it be possible for client devices to generate key pairs, and for messages to be stored on the server encrypted in such a way that recipients' client devices could decrypt them? (I think that's what Signal does?)
Not saying that that's what happens on Mastodon instances, I don't know enough about it's operation to comment.
Yes, end-to-end encryption is possible. It just needs support in clients, as well as a common protocol if you want it to work between different clients.
Chances of a centralized Twitter stealing your sensitive information is quite a bit lower than N number of federated Mastodon instances run by any number and types of actors.
If you don't own the key exchange (and you don't, even on the services most people consider secure), you're still, on some level or another, just relying on trust that this is the case.
At any rate, mastodon is a web app, not an IM client. No one who's ever raised this has even begun to explain how you could work e2e into something like it. Certainly no other microblogging platform has e2e anything, because that's not actually a thing that makes sense.