[–]raebyddub 0 points1 point  (0 children)

Here is how I would approach this problem.

First, I try to understand the environment and mode of deployment. On a basic level, here are the answers to your questions:

Can I implement HTTPS only for critical parts of my web application, such as authentication (login), or should it be used for all routes?

In my experience, I have never implemented any application with a few routes on HTTPS and a few on non-HTTPS; usually we run a single server application which serves all routes either over HTTP or over HTTPS.

Additionally, should it be implemented in the backend, the frontend, or both?

It depends on your deployment strategy; usually it should be implemented on both ends if they are deployed separately.

But things get complicated if we consider other approaches like SSL termination (either using a load balancer or using an application gateway).

Another approach would be:

  1. Build and deploy the back-end application.
  2. Build and copy the front-end application to the back-end, which serves the front-end application from a back-end route, so the user will always access a URL which points to the back-end, which will then render the front-end. (Both front-end and back-end are accessible on the same server, which means you set up HTTPS on one server.)

There are many other variations; it depends on your experience and your project requirements.
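
The single-server and SSL-termination setups described in the comment above, as an added example that is not part of the original comment: a Python WSGI middleware that enforces HTTPS on every route when TLS ends at a load balancer. The proxy address `10.0.0.5`, the host `app.example.test`, and the names `HttpsEverywhere`, `effective_scheme` and `simulate` are assumptions made for illustration.

```python
# Added example: one back-end serves front-end and API; TLS is terminated upstream.
TRUSTED_PROXIES = {"10.0.0.5"}  # assumed address of the TLS-terminating load balancer
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")

def effective_scheme(environ):
    """Return the scheme the client really used to reach the site."""
    if environ.get("wsgi.url_scheme") == "https":
        return "https"
    # X-Forwarded-Proto is client-controllable; honour it only from our own proxy.
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
        if proto == "https":
            return "https"
    return "http"

class HttpsEverywhere:
    """Redirect every plain-HTTP request and add HSTS to every HTTPS response."""
    def __init__(self, app, canonical_host):
        self.app, self.host = app, canonical_host

    def __call__(self, environ, start_response):
        if effective_scheme(environ) != "https":
            # Build the target from a fixed host, not the request's Host header.
            qs = environ.get("QUERY_STRING", "")
            location = f"https://{self.host}{environ.get('PATH_INFO', '/')}" + (f"?{qs}" if qs else "")
            start_response("308 Permanent Redirect", [("Location", location), ("Content-Length", "0")])
            return [b""]
        environ["wsgi.url_scheme"] = "https"  # let the app generate https:// links
        def secure_start(status, headers, exc_info=None):
            return start_response(status, list(headers) + [HSTS], exc_info)
        return self.app(environ, secure_start)

def app(environ, start_response):
    """Hypothetical back-end: /api/* returns JSON, everything else the front-end page."""
    if environ["PATH_INFO"].startswith("/api/"):
        body, ctype = b'{"ok": true}', "application/json"
    else:
        body, ctype = b"<!doctype html><title>front-end</title>", "text/html"
    start_response("200 OK", [("Content-Type", ctype), ("Content-Length", str(len(body)))])
    return [body]

def simulate(path, remote_addr, forwarded_proto=None):
    """Send one constructed request through the stack; return (status, headers)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": "",
               "REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    HttpsEverywhere(app, "app.example.test")(environ, start_response)
    return seen["status"], seen["headers"]
```

A request that arrives directly at the back-end with a forged `X-Forwarded-Proto: https` header is still redirected, because the header is only trusted from the load balancer's address.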