For what it’s worth, here are my thoughts; I too have pfSense running with VLANs.
Firstly, I would document how you set up the VLANs in pfSense; it’s pretty easy to forget a rule or setting when you come to set up another VLAN in x months’ time.
With that in mind, I would set up the following VLANs below; if you set up more than you need today, you won’t have to remember anything for when you need it later. Plus it goes faster the first time, if you forget the second time. While you might not use a VPN today, if you were to set it up, you would only have to change the WAN on your rules.
LAN subnet 1
Management subnet 10
Personally, I have very similar rules for my VLANs; the difference is which WANs they exit and which VLANs they can see. For example, the ISP VLAN can see the Guest VLAN but not vice versa.
I stick all my VLAN subnets in an alias and use this in my rules; it results in needing fewer rules.
I would guess your current subnet is 192.168.1.x; keep that in place as your LAN, then set up the rest of the VLANs in increments of 10, e.g. 192.168.20.x etc. Then move your devices accordingly once you have sussed it out.
Dude, do not forget to take backups of your pfSense configs, you can never have too many!!! I would also take backups of the switches’ config too.
Once you have networking on the management VLAN and the other devices on their respective VLANs, you can just use the LAN to directly access pfSense in an emergency if your switches go down for some reason. I have a LAN in place but never use it.
Depending on the number of ports you have, you might want to set up a LAGG between pfSense and your switch; LACP, if it’s supported, would be the better type.
Not sure if your access point will support multiple SSIDs / VLANs; if not, you can stick it on a single VLAN for now, then you might want to consider a new AP. If you do, you might want to check that the AP comes with an injector, as they will usually be PoE. If you go down the route of IP cams, a PoE switch will be handy.
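
Added example, not part of the post above and not pfSense's own code: a simplified Python model of per-interface, first-match rule evaluation, showing how one alias holding every VLAN subnet keeps the rule list short while still letting the ISP VLAN see the Guest VLAN but not vice versa. The alias name ALL_VLANS and the ISP and Guest subnet numbers are assumptions; only LAN (1) and Management (10) come from the post.

```python
import ipaddress

# Constructed addressing: the post names only LAN (1) and Management (10);
# the ISP and Guest numbers are assumed for illustration.
VLANS = {
    "LAN": "192.168.1.0/24",
    "MGMT": "192.168.10.0/24",
    "ISP": "192.168.20.0/24",
    "GUEST": "192.168.30.0/24",
}
# One alias holding every VLAN subnet (hypothetical alias name).
ALIASES = {"ALL_VLANS": list(VLANS.values())}

def expand(dest):
    """Resolve a rule destination: 'any', an alias name, or a VLAN name."""
    if dest == "any":
        return ["0.0.0.0/0"]
    return ALIASES.get(dest) or [VLANS[dest]]

def rules_with_alias(may_see=()):
    """Exceptions first, then one block rule for the alias, then pass out."""
    return [("pass", v) for v in may_see] + [("block", "ALL_VLANS"), ("pass", "any")]

def rules_without_alias(iface, may_see=()):
    """Same policy written with one block rule per other VLAN."""
    others = [v for v in VLANS if v != iface and v not in may_see]
    return [("pass", v) for v in may_see] + [("block", v) for v in others] + [("pass", "any")]

RULESETS = {
    "ISP": rules_with_alias(may_see=["GUEST"]),  # ISP can see Guest
    "GUEST": rules_with_alias(),                 # but not vice versa
}

def decide(iface, dst_ip):
    """Action of the first matching rule on the ingress interface."""
    dst = ipaddress.ip_address(dst_ip)
    for action, dest in RULESETS[iface]:
        if any(dst in ipaddress.ip_network(net) for net in expand(dest)):
            return action
    return "block"  # nothing matched: default deny

if __name__ == "__main__":
    print("ISP -> Guest:", decide("ISP", "192.168.30.5"))
    print("Guest -> ISP:", decide("GUEST", "192.168.20.5"))
    print("Guest -> internet:", decide("GUEST", "8.8.8.8"))
    print("Guest rules:", len(RULESETS["GUEST"]), "with alias,",
          len(rules_without_alias("GUEST")), "without")
```

Adding another VLAN in this model means adding its subnet to the alias; the existing block rules on every interface then cover it without being edited.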