The router was originally built around OpenWrt, it seems like you can do this with OpenWrt.
I'm sure you can, their page for it is here. The guidance is pretty barebones though.
Do you think from a security and scalable point OPNsense would be better?
Openwrt targets much lower levels of hardware than OPNsense will run on. OPNsense is a full FreeBSD distro whereas Openwrt is customised linux. OPNsense might be easier to set up, I think for anything other than basic WAN router tasks OpenWRT offers a minimum of handholding.
Whether you can run OPNsense will depend on your hardware specs, although you mentioned it was an x86 router, and it would be pretty hard to buy x86 hardware that wouldn't satisfy their minimum spec level. Realistically though, for this use case the security (or lack of) comes from the setup, rather than the platform.
Please correct me if I’m mistaken; "transparent filtering bridge" is like using a border between two routers while still allowing devices to get an ip address from the ISP router without your devices being placed in a different subnet?
It allows you to apply arbitrary filtering to network traffic between two ports. So you would connect one port of your device (which would become a filtering bridge, not a router anymore) to the house network, you then connect all your devices to the other port (via a switch, or WAP). Your devices would still get their IP addresses from the main internet gateway which (I presume) is doing the DHCP today.
what I would like to use the router for is
See, this is where I think you are probably worried about things that either don't exist, OR you don't need to be worried about, OR they are things that you would need to have control of the main internet gateway to implement. Specifically:
A more secure way to protect my devices from being discovered on the internet (search engines for example that look for devices)
The firewall on the main internet gateway already does this (protects your devices from port scans etc). Normal search engines (Google, Bing etc) don't look for devices in the way you describe.
Make the devices not visbile on the local network to other devices to the owner
You can set up rules to only allow traffic that comes directly from the main gateway into "your" LAN segment, but I'm not completely sure what you'd gain from it.
VLANS with a managed switch
If you can't explain what you need a VLAN to do, you probably don't need one. Of course, the use case can be "so I can learn about VLANs", but even then, a VLAN is a tool, like a hammer. If I'm learning to use a hammer, I'm learning to do something with it. So maybe a better question might be "what is the something you want to learn to do?"
IDS/IPS
Setting up Suricata on an internal LAN bridge seems like (huge) overkill, but maybe you want to learn how it works? Worth bearing in mind that the firewall on the existing gateway will stop a lot of the traffic that might otherwise have flagged up on the IDS logs so it's not even really going to be a great learning opportunity.
adblocking
The "usual" way to do this is with something like PiHole that uses a DNS blocklist. However your main internet gateway is providing you with a DHCP lease that defines your DNS servers. I'd use something like uBlock Origin in your browser, instead. I'm fairly sure it has versions for mobile devices, too.
It depends what you mean by a VPN. You can use software on a PC, say, to connect to a VPN endpoint "out there on the internet" without needing any special routing hardware. If you want to VPN back into your own network while you're away from home, generally speaking that is going to involve some setup on your internet gateway, which you've already said is a no-no.
--
I should put a bit of a disclaimer on the above by noting that I am not an network professional, I'm an amateur network tinkerer with an interest in technology and just enough knowledge to be dangerous (mainly to my own network connectivity and spare time!)
That said, I don't think anything I've said above is very controversial. I do take your point about malware etc, but unless you know exactly what you're doing, I don't think that the transparent bridge idea is really going to help you out much. If you can give us more detail about the specific devices and hardware you and your landlord have, we can provide more specific suggestions.
)