• 0 Posts
  • 11 Comments
Joined 2 years ago
Cake day: June 6th, 2023

    1. The main fundamental differences are the package manager, the way the system is set up (partitions, immutable distros), and possibly software you don’t want installed. Aside from that, you can install basically anything on any distro. Some do make it easier than others to install new things though.
    2. Canonical (Ubuntu and direct spinoffs) and Manjaro are the ones I recommend avoiding, because their marketing and “general sentiment” goes against my opinions of the distros/maintainers. However, switching Linux distros (especially to another one with a similar base) is not nearly as daunting of a task as switching from Windows to Linux. Some corporate distro owners might pull something like advertising, but there’s often an easy way out (except with snaps).
    3. As for the distros you mentioned, Fedora, Mint, and Pop!_OS are all good options. Mint and Pop!_OS are both based on Ubuntu, which could cause issues in the future, but Mint is working on a Linux Mint Debian Edition. Aside from that, my general recommendation is to stay close to upstream. Distros further downstream tend to break more often (think spinoffs of Ubuntu, Arch derivatives, forks of Fedora, etc). There are exceptions to this rule, like when a distro stays close to upstream.
    4. In recent times, it should all be working okay! We’re “in the middle of a long time switch” from X11 to Wayland. Those are protocols for the way applications display to the screen. X11 is lacking features, like HDR, and can have issues with “weird” multimonitor setups. Wayland is being actively developed, multimonitor works fine, and HDR is available for some desktop environments (like KDE or GNOME). Not all distros default (or support) Wayland yet, so if you need HDR, pick a distro with KDE or GNOME as its desktop environment.
    5. This situation has gotten more complex with Wayland (one of the pain points still being worked on). The features you get partially depend on which DE (or Wayland compositor) you choose. Previously on X11, this wasn’t the case. For Wayland DEs, KDE is moving relatively fast, with new features nearly every release. GNOME is moving slower, but should cover most people’s needs. As for tinkering around with your choice of UI/DE, there’s many options available, but KDE offers by far the easiest customization possible (it’s all in the settings menu). There’s more complex, more customizable options available, but I wouldn’t recommend them as a starting point.
    6. As for NVIDIA, it has been progressively getting better, but there are still NVIDIA-specific issues that come up from time to time. There’s not really much you can do about it, aside from following changelogs and updating when the thing you’re running into is fixed.

    Now for your list of applications:

    • Gaming (through Steam) works great! There’s definitely still issues, but I’d argue there’s not really more issues than on Windows, just different issues. There is one category of games that’s still problematic, games with kernel level anticheat. They do not and likely will never play on Linux. Other launchers (EA Play, Ubisoft Connect, Epic) can have their own issues, although there’s often fixes/workarounds available rather quickly.
    • Firefox works just fine on Linux.
    • VLC works great too, although there are other options available that are more modern or better in some ways. It’s up to you to decide what to use.
    • Spotify works just fine, there’s always the website in case nothing else works, but the “app” as a flatpak or even through repos works too.
    • Discord has some issues accepting that Linux exists, but has recently started making some changes with that. Most people either use Discord in the web browser (to prevent too much system access), or run a custom client like Vesktop.
    • Godot works great on Linux, I don’t have much else to say about it tbh.
    • Visual Studio Code too, it’s basically just a webapp. Some integrations might be slightly different (like the terminal), but otherwise stuff “just works”.
    • Git was quite literally made for Linux first (as a project, but also as a platform to run on).
    • Photoshop is going to be difficult to get running, if it works at all. You can certainly try, but it might be a good option to find an alternative for this one.
    • Audacity works great.
    • DaVinci Resolve does have a Linux version, but the free version can be picky about codecs. There’s always tools to reencode your inputs, but it’s not always convenient drag and drop.
    • Misc. tinkering is going to be much more fun, as things in Linux ecosystems are often open source. Not only can you mess around with tools that already exist, you can edit them, or even make your own. Some “niche” hardware might give you issues (like iirc the goxlr, or some capture cards).


  • Not OP, but modularity. An X11 WM is just a WM. You can choose compositor, bar, shortcut daemon, etc. With Wayland, a single implementation holds most of that, and more. If you need a specific feature from your display server, you are stuck on WMs that support it. This has forced me to use KDE for Wayland on my main workstation, and although it works well, it’s not my preferred WM/workflow.

    Alongside that, no clones of several X11 WMs exist. bspwm for example. Riverwm exists, but has major limitations, and the workflow isn’t the same.



  • The extra y just forces a database update. The mechanism to detect when not to update the database is a simple timestamp compare, and shouldn’t break. archlinux-keyring might need a “manual” update if an Arch Linux system is left without updates for a longer period of time. That’s the only situation where doing pacman -Sy, then pacman -S archlinux-keyring is recommended, and it needs to be followed with pacman -Syu to avoid a partial upgrade.


  • “compromised device” in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable to the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.

    The headline is sensationalist, but it isn’t something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That’s effectively what this attack allows.




  • not actually degoogled

    Aside from vendor firmware, LineageOS is mostly deblobbed by default afaik. The remaining bits that connect to Google (by default) like AGPS or captive portal are significantly less information than full Google Play services.

    try to do it in ways that provide no privacy benefit

    Replacing Google Play services with MicroG might have the same security downsides as regular Google Play services (privileged access), however, MicroG is open source. It still connects to Google, but sends significantly less data, and you can see exactly what it sends.

    Break any semblance of security model

    Rooting is one example, but access to it is often left up to the user. Keeping the bootloader unlocked has some major security downsides, but they’re entirely for when an attacker has physical access. The privacy downsides of an unlocked bootloader do exist, but they’re hard to exploit even with physical access.

    ignoring all of AOSP is Google

    Yes, this is something you are forced to ignore with any custom Android ROM. Graphene, Divest, Calyx, etc all suffer from the same issue. Sending data to Google and privacy is not the same as being independent from Google developed software.

    purely focussing on Google

    On an AOSP or LineageOS based ROM without preinstalled bloat, this is almost entirely up to user choice. You can choose to only install FOSS apps without trackers, or use Aurora store and install proprietary apps. You can choose to block network access for apps with trackers, or isolate them to a work profile and kill them in the background. It isn’t good to focus only on Google, but it’s a good starting point to use a ROM without standard Google Play services.

    While I agree that a hardened and privacy focused ROM is better for privacy than regular LineageOS, privacy is not black and white. MicroG sending significantly less data is better than full access Google Play services sending all data. Not sending data is better than MicroG. That doesn’t mean every user is able to use an entirely degoogled ROM. Each person should decide for themselves what they’re okay with and what they absolutely require on their own device. When someone is trying to get some privacy back, MicroG is a great option “in the middle” where as little functionality as possible is lost while sending as little data as possible. Discouraging that someone takes steps to improve their privacy just because it isn’t perfect is not good, as that often results in someone not taking any steps towards privacy.

    On the compatibility, while MicroG has some issues with specific apps, it does generally work (from what I hear from others). Not having Google Play services (or MicroG) can work, but it requires missing out on some Google services like notifications for proprietary apps. For me personally, that’s not a big issue, as I only use FOSS apps.


  • Simply not having Google Play services installed is a massive privacy win. Any custom ROM (without Google) will offer that. Divest and Graphene offer some extra security features.

    The compatibility can be usable if you don’t rely much on closed source apps or their notifications. If you do, you’ll need either MicroG or full Google Play services.


  • Lead dev of GrapheneOS is extremely toxic in communication. I don’t trust someone like that developing the software running on a phone.

    EDIT: This comment seems to be particularly controversial, with many people praising GrapheneOS as a project, while ignoring the developer’s views and actions. Although my opinion of the main developer is negative, the project itself and its goals are great. To clear up some confusion, I want to add to my previous statement:

    At first, this seems like the standard “separating art from the artist”, however, GrapheneOS is a ton of code, not just art. When it comes to other forms of art, like literature or paintings, an artist maliciously hiding their personal beliefs in their otherwise “unbiased” work might degrade the quality of the final result, but does not have much significant impact outside of that. When it comes to code, programs, OSes, this changes. The artist (programmer) changing their art (code) based on their personal beliefs is not just a degradation in quality, but a security risk for anyone running the code and trusting the developer. Having seen the way the GOS dev speaks about its community and even people in support of him (see Louis Rossmann’s video), it becomes clear that the mentioned “risk” of malware is very much present. Like many others, I don’t have the time to verify the source code of an entire Android ROM myself, which means I would have to trust the GOS dev to not insert anything malicious, after the statements he’s made. I’d have to trust him after he’s grouped a majority of his community into “people who are after him and are swatting him”. It’s a very real possibility that someone with beliefs like that would add malicious code to his project, and I’m personally not willing to run that risk.

    Please note that I am not encouraging people to “go harass the dev”, that is an immoral action nobody should be doing. I am trying to inform people of the developer’s behavior online, past and current, so they can make a decision for themselves whether to run his software on their personal devices.