Nice diagram by the way.
I am getting my pi 3+B this week so I plan on something similar
All my subnets running PCs will have to go through pi for dns resolving and add blocking.
For my smart devices, media devices, game devices, dont think it really matters unless someone has a compelling reason.
I should be able then to of more assistance.
In the meantime for you vlan setup, this is the best reference.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1