These are different application categories, which you can use directly in a ruleset or use the risk score or the other groupings.
You could just allow youtube-livechat, but decline youtube-streaming. As there is no extra category for Youtube Shorts, the firewall would categorize it as youtube-streaming probably.
This is partly dependent on SSL decryption, the Firewall would just categorize everything as youtube, if you have no SSL decryption and there would be no flow marked as youtube-streaming.
Btw. setting up SSL decryption is a very common and easy thing, as long as you control all end devices, so that they trust your certificate authority.
The most complex part of setting up SSL decryption at a company is to convince the company lawyers and the workers council. At least in Europe.