WHEN and WHY one should add the bridge ITSELF as tagged interface in bridge-vlan configuration ?
I'm using a CRS354 as basic L2 switch with bridge vlan filtering
The only L3 thing is the management IP address of the dedicated Vlan

Hello,

It is used for L3 Hw. Offloading and when you want to have a tagged VLAN interface on the switch with the management IP

More generally: bridge port is a CPU-facing port created automatically with every bridge ... and it functions the same way as the rest of bridge ports. It's special because it's created and added implicitly and carries the same name as bridge switch-like entity, again named with same name as the switch-like entity. The third entity, created automatically, is CPU bridge-facing interface. So: whenever device (which has the bridge configured) needs to interact with certain VLAN on L3 (IP layer), then bridge port has to become member of that VLAN. It could either be untagged (in which case all L3 setup goes directly on bridge interface - bridge-facing CPU interface). Or it could be tagged in which case one has to create VLAN interface (with corresponding VLAN ID set) and anchored to bridge interface.

The above principle holds both for in-band management VLAN (in which case it might make sense to make bridge port untagged member of management VLAN) and when device is actually routing ... in which case bridge port will have to be tagged (ideally for all VLANs, might be for all but one VLAN) and corresponding number of VLAN interfaces has to be created and configured. In case of routing it conceptually doesn't matter if routing is done by CPU or if it's offloaded to switch chip (L3HW offloading).

If bridge CPU-facing port is not made member of a VLAN, then CPU doesn't have access to that VLAN (it'll be passed between member ports).

Thank you for explanation !