Http or https for file download


I am going to be distributing a file to people after they purchase it. I'm trying to determine whether I should use http or https to deliver the actual file.

  1. My hosting plan is pay-as-you-go. Will bandwidth cost more for https since it's encrypted? Example: will a 100MB file end up using more than 100MB of bandwidth?

  2. I understand that http is faster, but is https similar in speed after all the initial server handshake stuff? (note: I am using CDN)

  3. My URL given to download the file will contain a signature, etc. to verify that only the person who purchased can download. Should I use https to keep this signature secure?

  4. If I were to use http, would the file transferred be secured from hackers?

Note, I have already read this question

Best Answer

> My hosting plan is pay-as-you-go. Will bandwidth cost more for https since it's encrypted? Example: will a 100MB file end up using more than 100MB of bandwidth?

No. The block or stream ciphers that are used by SSL/TLS to encrypt the data in transit will add, at most, a handful of bytes to the file's transfer size.

> I understand that http is faster, but is https similar in speed after all the initial server handshake stuff? (note: I am using CDN)

Yes. Encryption takes extra CPU time on the server and on the client, but on modern CPUs the impact is fairly low. As long as your client and server are not CPU-bound, the encrypted transfer will be just about the same speed as unencrypted.

> My URL given to download the file will contain a signature, etc. to verify that only the person who purchased can download. Should I use https to keep this signature secure?

Yes, the URL being visited is secured end-to-end from the client to the server by SSL/TLS - the exception here is that the hostname part of the URL is not necessarily secure, but in your case that should not be an issue. As long as the client system is not compromised or using a malicious proxy server, the data is safe in transit.

> If I were to use http, would the file transferred be secured from hackers?

No. HTTP traffic is completely in the clear; anyone on the same network segment as the client downloading the file (or the same coffee shop wifi), as well as anyone with access to any of the network infrastructure between the client and server is able to see the full request and full response. SSL also provides additional assurance to the client that the system that they're connecting to is what it says it is, instead of a potential attacker's server. If the data being transferred in the download or the URL to request the download is sensitive, then encrypt it.
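
The signed download URL discussed in the third question, as an added example that is not part of the original question or answer: an expiring HMAC signature bound to the file path and the buyer, verified in constant time, with plain-http links rejected. The key, the host `cdn.example.com`, and the parameter names `buyer`, `expires` and `sig` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; a real key comes from a secret store.
SECRET_KEY = b"example-signing-key-not-for-production"
BASE_URL = "https://cdn.example.com"  # assumed download host


def _sign(path, buyer_id, expires):
    # JSON-encode the fields so their boundaries are unambiguous, then HMAC them.
    msg = json.dumps([path, buyer_id, expires], separators=(",", ":")).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_download_url(path, buyer_id, ttl=900, now=None):
    """Build an https link that is valid for `ttl` seconds for one buyer and one file."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"buyer": buyer_id, "expires": expires,
                       "sig": _sign(path, buyer_id, expires)})
    return f"{BASE_URL}{path}?{query}"


def verify_download_url(url, now=None):
    """Return (ok, reason) for a presented download URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Over plain http the signature is readable by anyone on the path.
        return False, "insecure scheme"
    params = parse_qs(parts.query)
    try:
        buyer = params["buyer"][0]
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _sign(parts.path, buyer, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if (time.time() if now is None else now) > expires:
        return False, "expired"
    return True, "ok"
```

Behind a CDN or TLS terminator the origin server would take the scheme from the terminator's forwarded-protocol information rather than from a full URL string.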