Fair number of things you're asking about but for all intents and purposes you can use your GOS device just like your normal pixel. You touched on the pay not working on GOS so you already found one of the gaps. That being said, if your bank app allows tap payments from their app then it will usually work from what I've heard.
For separating apps, some users have a profile with google play and a profile without. Then storing apps accordingly.
Some compartmentalize a bit more and isolate their banking apps or higher security apps in their own profiles. Each profile functions as it's own device so there's a benefit to that depending on use case.
You can check out the YouTube channel by sideofburritos, he does a walk through on the "clean" owner profile. This is essentially just loading / updating all apps in the main profile then moving them over to other profiles. Running the phone off a secondary profile allows it to be shut down or deleted / recreated if needed. He also covers popular apps he uses.
Vanadium is a pretty good browser. It's best to avoid gecko based browsers on android (Firefox etc) since they don't isolate sites to the same degree as chromium bases browsers.
But the best is to try different things based on your workflow and you'll find what works best for your setup. Don't think you have to isolate everything right off the hop though. You can also turn an apps website into a progressive web app and just use the "app" that way.
It's fun to play around and see what works and what becomes too cumbersome to be effective.