"it really depends a lot of how much inter-vlan routing you need": not that much I guess.. maybe only NAS and cameras should need inter-vlan routing
But those are the things that will generate the most traffic. One camera is going to generate more traffic than 50 IoT sensors. You should plan to have your NVR on the same vlan as the Cameras, then all the camera to NVR traffic will bypass the router.
"Do you plan to use the hAP ax³ as vlan-aware switches?": I think the answer is no.. if I correctly understood "vlan-aware" meaning. AP will be used only as AP and only wireless (only the switch will be wired connected).
If I understood you are going to have at least 3 separate subnets. Main, Camera/NVR, IoT/Appliance/HA
Do you have any wired devices on the other floors? Will all the wired devices be on the same subnet (vlan), or will there be some on the the "IoT/Appliance/HA" vlan, or Camera VLAN?
Will you have mulitiple SSIDs, one for each vlan? The hAP ax³ can be configured as a vlan-aware (by that I mean it understands vlans, and can untagged vlans on specific ports from the "trunk" link back to the main switch, so it could for example, have ether1 as the trunk link to the main switch (in the rack at floor -1), and then ether2 and ether3 as an access ports for a PCs on the Main lan, ether4 as an access port for the IoT vlan, and ether5 as an access port for the Camer/NVR vlan. That's about the only advantage I can see of using the hAP ax³ as an access point, otherwise a dedicated AP is better in my opinion. But it also requires the ability to get a wire to above the ceiling, and between floors, that can be a challenge unless there is a "dropped ceiling". In your case between 0 and 1 would be the most challenging.
"no IVL": I think/hope this won't be a problem
If you don't have two devices using the same MAC address, it won't be.
What about the CRS328 as a switch vs CSS610?
The CRS328 is superior, but more expensive (and uses more power), and under load can make fan noise. See ServeTheHome review here
MikroTik CRS328-24P-4S+RM Video Review Neither supports 2.5Gbps on the 24 ports. And if you are looking at wifi6, having support for 2.5G may be useful.
I tend to buy on what's currently available, not the promise of what is coming. Otherwise you will never get anything. I have Ubiquiti UAP-AC-LR APs, but I only use wifi for things that require it, IoT devices primarily. I don't stream TV over wifi, all my computers (including laptops) are usually used in places with wired access available. I use wifi for convenience, not performance. The only video streaming is to mobile devices like phones or tablets. Music/audio streaming to Amazon Echo or Google Home devices.
Any valid alternative to the hAP? I was thinking to them for the wifi6.. but I have no device that works with wifi6 yet and if I have to choose between good future + so so present vs good present + so so future I choose good present!
There are many APs to choose from. I haven't switched to wifi6, because I don't see the benefit based of my usage and like you none of my wifi client support wifi6 anyway. So I will probably use what I have until I find a need to upgrade. If you don't need wifi6, you may consider the hAP ac² or if you want more RAM and Flash, the hAP ac³ (but only if you plan to use dedicated APs, as from what I have seen reported, the wifi in the hAP ac* isn't stellar). And once you get to the hAP ac³, you may as well go for the more powerful hAP ax³, as it isn't that much more expensive. (although the street prices of the hAP ac³ have dropped since the hAP ax³ became available. You may be able to get a "deal" on a used hAP ac³ from someone that wants to have the "newest model"). But be careful when buying used, and always factor in shipping cost when comparing prices.
If CRS328 is not << CSS610 I think it may be good a option too: I can start with hAP as a router (or a virtualized one if it's better) and then add a dedicated device only if it's not enough.
If you keep the top talkers on the same vlans with the main devices they are talking to, then you won't be routing much local traffic. And I think you will find the hAP ax³ to be adequate for your needs. But I have no experience with any MikroTik devices other than the CSS106-5G-1S and the RB760iGS.