You have a couple of options - regarding device status, ROM origin && course of action - though every1 of them is focused on changing flags in fstab.qcom.
Basically, while flag in fstab.qcom for FBE is
and defines options for content && metadata encryption, flag for FDE is
U don't need to root.
Because u have nasty Nexus 5X (had very bad experience with that device) u can unlock bootloader, boot custom recovery - TWRP will suffice - format (not wipe!) userdata, push modified fstab.qcom with flag encryptable (or forceencrypt), reboot to bootloader, and boot device.
Not quite sure whether re-locking bootloader after changing fstab.qcom will cause a bootloop (did couple of lobotomies on that devices, but haven't tried this particular scenario).
Either way, if u try to re-lock bootloader && that ends in bootloop, u can always flash a TOT file.
There r modified boot images for that device for same purpose, but with additional code - custom sepolicy for root.