I understand where you’re at, as we just implemented pre-provisioning with MBAM using SCCM about a year ago. It’s challenging enough with SCCM, I’m not sure BigFix can do this (I don’t know if BigFix has a OSD functionality).
Remember that pre-provisioning often occurs outside of a windows state, like WinPE. I don’t know if there’s a BESClient for WinPE, but it would likely be easier to write a small batch file to copy the small fileload over (don’t forget your BIOS config tool if you want to prepare the TPM while you’re at it)and run the ZTIbde commands.
Unless someone knows otherwise, windows core services have to be loaded for the BESClient to run (it’s a service itself). If using BigFix was a must, and you’re doing this to save encryption time, you could kick off the encryption right after the client registers with the BES Server. In combination with enabling Used Space Only encryption it would likely be fully encrypted, or a few minutes from being there.