1. Don't change to the ONR. Getting permission for bridging is a hit-and-miss, but it's also the exception rather than the norm. If you have the ONT, fight to stick to the ONT. The 2Gbs plan generally not benefit most people in terms of bandwidth - but perhaps you have 20 or more people staying at home with you and all using the bandwidth at the same time. If it's the normal 5 or fewer pax household, a 500Mbps/1Gbps plan is more than sufficient imo.
(Just fwiw, Netflix streaming at 4k only requires 25Mbps). In any case, with the 2Gbps plan, it's split into 1+1: 1 Gbps bridged, and the other you're forced to be unbridged. It's "combined" by Singtel's proprietary router, so effectively you either remove your OPNsense box from the network, or you run it at 1Gbps anyway.
2. VLANs are the way to go so you will only need one set of infrastructure and VLAN tag appropriately. You don't need separate wireless equipment for that - just cofigure tags and switch as needed.