A few answers to your questions:
- CAPsMAN can only be used to provision wireless interface(s). So you can’t configure vlans on ether1 interfaces on CAPs using CAPsMAN, you have to do it manually on each CAP.
- You don’t want to have multiple bridges on any MT device. Why it affects your use case? Because one interface (i.e. wlan1) can only be member of single bridge which means you have to use single bridge (in your case could be with or without VLAN support … but better make it VLAN-aware).
- Proper place for MAC-to-VLAN table is probably RADIUS server. But that can be overkill for home environment. Another possibility is to use wireless interface access list where it is possible to create such a table. Look at this thread. It should be possible to do it via CAPsMAN, /caps-man access-list offers needed attributes (e.g. vlan-id, vlan-mode and mac-address).