Before changing setup, make backup of device. If you don't succeed in reconfiguring the device, you can still revert to current setup.
For switch-chip centric setup, the L2 setup should look something like this:
/interface ethernet switch
set ether1 vlan-header=leave-as-is vlan-mode=secure
set ether5 vlan-header=leave-as-is vlan-mode=secure
set switch1-cpu vlan-header=leave-as-is vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=835 # IPTV will pass between ether1 and ether5 only
add independent-learning=yes ports=switch1-cpu,ether5 vlan-id=848 # PPPoE passing only between ether5 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 vlan-id=8 # LAN VLAN between ether1 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 vlan-id=10 # LAN VLAN between ether1 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 vlan-id=11 # LAN VLAN between ether1 and CPU
# ... add other LAN VIDs as needed
/interface bridge
add name=bridge admin-mac=uu:vv:xx:yy:ww:zz name=bridge # mandatory setting is vlan-filtering=no (as it's default, it's not shown in exported configuration)
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether5
/interface vlan
add interface=bridge name=vlan848 vlan-id=848
add interface=bridge name=vlan8 vlan-id=8
add interface=bridge name=vlan10 vlan-id=10
# add other VLAN interfaces as required
#
# IP setup is then same as with VLAN-aware bridge, bound to appropriate VLAN interfaces
Beware that changing settings on the switch chip is a fast-track to locking yourself out of device and only way back is to perform factory-reset (not even winbox can help there). I guess the easiest way (still hard) would be to construct a configuration script with proper L2 config, perform reset of device to no config, user winbox to connect, upload config script and run it. Management connection will likely drop, but if everything done correctly, you should be able to re-connect and continue with L3 setup.
While syntactically it is possible to mix switch-chip VLAN setup and vlan-filtering bridge setup, result might be slightly undeterministic, so I suggest you not to mix both.
On the other hand I don't understand your statement about core switch becoming another point of failure if you connected GPON to it. Unless you connect client devices (APs, wired computers, ...) directly to PGS960, your core switch already is a significant point of failure.