I'm a bit lost in the product line and I'm finding it hard to understand what can or can't be done with this or that product.

I'm a private individual with a network that could be described as "advanced", with a firewall, a router, a computer rack and several VLANs. I think that my network is closer to that of a small business than that of a private individual.

Sounds familiar :).

Omada doesn't require any software licensing, the cost is effectively paid for as part of buying the hardware. You can self-host the controller easily in a virtual machine, docker container or the like (I currently run my controllers in Debian-based VMs). They also sell a hardware controller as a convenience, which without digging into I assume is essentially some sort of SBC (ala a RaspberryPi) with a basic setup to get it going, but it's not necessary just speeds things up for less power users. All their access points and switches use standard 802.3 PoE, no proprietary 24V. The controller will run fine via layer 3, through a VPN tunnel for example, so it's also possible to host it on another physical site entirely (which could be your own, or could be a cloud host if you preferred). Their switches and WAPs support isolating control traffic onto its own management VLAN.

For running multiple VLANs you can certainly consolidate that fine into a single SSID, though in practice I think 2-3 is more typical. VLANs can be assigned to wireless or wired clients via RADIUS (an EAP enterprise network with WiFi), RADIUS MAC auth IIRC, via PPSKs (where the WAP essentially pretends to be a regular PSK network, but supports a few hundred unique passwords each of which can then map to a given VLAN), or for wired connections to an Omada switch as a manual port override (ie, it treats it as the native network and tags all traffic into the port). All involve some tradeoffs. Enterprise WiFi networks can support all the most modern WiFi standards, including WPA3 and 6 GHz (WiFi 6E, WiFi 7) but client support is depressingly limited particularly when it comes to appliances and IOT, and the deployment story kinda stinks outside of Apple devices or using an onboarding solution. MAC based assignment requires a lot more manual upkeep and is more fragile which can be OK for an individual but is a pain at scale. PPSK is extremely pleasant from UX and compatibility perspectives, but current implementations do not work with WPA3 and thus 6GHz either. What I do myself is run a primary SSID which is either WPA3-Enterprise or PPSK depending on site needs, an IOT dedicated SSID that is PPSK, 2.4GHz only, and with all the fancy roaming etc options turned off, and then a dedicated Guest SSID where all clients are isolated and put into a guest VLAN.

While you can deploy WAPs alone, I'd kinda suggest getting an Omada switch for them too if they meet your needs, it does make keeping track of everything either. It's not necessary to use their router/gateway offering and I do not myself, I run OPNsense (this isn't dunking on Omada, I did that before ever trying it and am paranoid about dependencies), but doing so can make it easier and give you a nice "single pane of glass" for management and oversight of the entire network from one place. Your call.

I agree that now isn't necessarily the time to go high end for a greenfield project. WiFi 7 will be a major improvement really kicking off next year and then probably taking another year or three to really bake, and higher speed ethernet/fiber switching and NICs are really building momentum at last, so it's a rare transition period in networking. You might find McCann Tech's comparison page and tables (search for "TP-Link Omada Comparison Charts", this forum doesn't allow links) of the Omada products helpful in getting an overview of the entire line. All the 600 series support WiFi 6. All that said when it comes to Omada frankly there just isn't actually much difference in price for a 2x2 vs 4x4 AP or 80 vs 160-supporting AP when you're only talking 2 of them. All are decent but I'd just go for the extra $30-50/ea in this case, the headline numbers for WiFi are basically lies but if you're in a clean non-DFS environment being able to use a big flat channel might be something you find useful, and even if not more MIMO can make some practical difference in less than ideal conditions. So I'd lean towards the 653 or 670, because while they won't be significantly better they also don't cost much more. But if you just want to save that the basic 610 will perform fine and do everything else you want on the technical side.

Good luck!