SSL decryption, URL filtering and reporting

Damir Reic
Level 1

Hi all,

I am trying to get some answers on the request that I have. I have a 200Mbit internet link burstable to 1Gbit, 90 users, and the manager said he wants to have the ability to have a report of which site each user visited. Considering that today most HTTP traffic is SSL, in order to do this I first need to be able to decrypt incoming SSL connections on the edge (otherwise the firewall can't get information from HTTP headers like hostname, thus the firewall is not able to track sites visited, right?). If my assumption is correct, assume you want to block Facebook and all subcategories: there are application categories you can block for Facebook, but Facebook uses SSL to protect their site, so how can the firewall block these without SSL decryption? To have all security features enabled on the edge device (URL filtering, file inspection, AMP, SSL decryption), is it correct to assume all ASA with Firepower devices take a 90% performance hit, even the Firepower 2100, which I would need if all this is correct to support a 200Mbit internet link? Do I even need to decrypt incoming SSL traffic to be able to compile a report of which sites each user visited?

Accepted Solution

pablo.costa
Level 1

I am trying to get some answers on the request that I have. I have a 200Mbit internet link burstable to 1Gbit, 90 users, and the manager said he wants to have the ability to have a report of which site each user visited.

(Do not forget to integrate your firewall with your SSO solution, e.g. AD.)

Considering that today most HTTP traffic is SSL, in order to do this I first need to be able to decrypt incoming SSL connections on the edge (otherwise the firewall can't get information from HTTP headers like hostname, thus the firewall is not able to track sites visited, right?)

(If you do not open the SSL connection you do not have full visibility for your report. Firepower will give you a lot of information but will miss some; the best way is to do SSL decryption.)

If my assumption is correct, assume you want to block Facebook and all subcategories: there are application categories you can block for Facebook, but Facebook uses SSL to protect their site, so how can the firewall block these without SSL decryption?

(URL filtering will be able to block all HTTP/HTTPS connections with an explicit URL. But you cannot do a policy with "micro-applications" within an SSL/TLS connection.)

To have all security features enabled on the edge device (URL filtering, file inspection, AMP, SSL decryption), is it correct to assume all ASA with Firepower devices take a 90% performance hit, even the Firepower 2100, which I would need if all this is correct to support a 200Mbit internet link?

Firepower 2100 will support 200Mbit of SSL without problem. It has special processors for this work. You will have problems with old versions of Cisco firewalls (like ASA 5585/5555).

Do I even need to decrypt incoming SSL traffic to be able to compile a report of which sites each user visited?

Yes and no. You can miss some information if you do not decrypt TLS/SSL. Don't forget to flag for logging or you will not be able to get all the information.


2 Replies

Thank you for your help! Your answers were very helpful!
