But the clients cannot see each other. The router can see them all tough.
What exactly is the question? That clients should not see each other? That's impossible to achieve as long as they share same (unmanaged) ethernet network
For those interested in the details: Running more than one IP address on the same physical Ethernet interface is perfectly legal. Is is called a "Multi-homed" or "Multi-Netted" interface. All known OSes including Windows can be configured that way (see Advanced IPv4 settings of a Windows Network Adapter).
This is how we sent different IP subnets over the same wire years ago, before there were VLANs. The different subnets are separated on Layer 3, but share a common Layer 2 broadcast domain. Clients will be able to directly talk to each other using Layer2 Protocols only. But doing so requires Admin/Root on the clients. So depending on the environment, there might by security impact.
But of course running a dedicated VLAN for each IP Subnet eases network management, lowers broadcast traffic and makes DHCP a lot easier. But security is only improved for Clients running on untagged access ports where the Switch drops tagged packets.
This is an opportunity to fight a popular but wrong believe: VLANs on trunked/hybrid connections are only to improve network organization, NOT to improve security. Every malicious client can monitor network trunked/hybrid traffic for VLAN tags in use and join a VLAN of its choice. It is also no problem and just some minutes to just blindly automatically try all available 4096 VLAN IDs.
I saw many times Network admins running the tagged Mgmt VLAN in parallel to the untagged normal client traffic assuming an attacker not knowing the Mgmt VLAN Id adds security. It does not.
This is why it is very important to physically protect wires running trunked/hybrid connections and closely monitoring them for link status changes. Not knowing the VLANs in use does not change much for an attacker having physical access to the connection.