Should I configure the OpenWRT or Cisco as the DHCP server?
OpenWRT will most likely have a better GUI than the old Cisco switch, so if you need it up and running as soon as possible then it's probably the easiest and most flexible approach.
Should I configure the VLANs on the OpenWRT or the Cisco?
Assuming you need VLANs, you'll need to configure them on both the router and the switch. You will connect one interface of your OpenWRT router to one port on your switch. This interface will be configured as a "trunk" port on both ends (switch and router), meaning that it carries traffic belonging to multiple VLANs.
The other ports on your switch do not need to be trunk ports for the topology you describe. Rather, you will assign some number of ports to each VLAN (these ports are sometimes termed "access" ports). For example, a port used for security cameras would be configured as an access port for VLAN 2. The camera plugged into this port would then be assigned to VLAN 2 and would have no awareness of whether or not it was connected to a VLAN. All it would know is that it needs to connect to the router to reach hosts outside VLAN 2.
When you configure a trunk port on a L3 switch, you'll have similar options to assign IP addresses and create DHCP pools. If you're using OpenWRT as your default LAN router and DHCP server, you shouldn't set these options on your switch as well.
When you configure a trunk port on your router, it will create a sub-interface for each VLAN. For example eth0_vlan1, eth0_vlan2, eth0_vlan3, etc. (I don't know how OpenWRT names interfaces). Since you require the ability to firewall traffic, you'll be assigning an IP address in a different network to each of these sub-interfaces. For example, eth0_vlan1 could be 10.0.1.1/24 and eth0_vlan4 could be 10.0.4.1/24. You would then enable routing on these interfaces, and announce the IP address of each interface via DHCP. For example, this would make 10.0.1.1 the default router for the 10.0.1.0/24 network.
One limitation of L3 switches is firewalling. Some L3 switches implement stateless firewalls, but you'll rarely see a switch with full stateful firewalling abilities. This means that while it's possible to restrict traffic by IP address and port using an L3 switch, you are limited in how you process NAT addresses and malicious inbound traffic to open ports. For these reasons, a stateful firewall is still necessary, even if your switch can handle some filtering.
VLAN1 - I have my WAN/LAN/WiFi for laptops, desktops, cellphones, etc.
Your WAN will always be on a separate network / VLAN from your LAN. While it's not a universal requirement, you should consider a broadcast domain (e.g. a VLAN or unmanaged switch) to carry one L3 network only. For example, if your WAN IP address is 203.0.113.138/24, it should be on an interface / VLAN that carries only 203.0.113.0/24 (no other IPv4 networks). Your WAN router will assign 203.0.113.138/24 to its WAN interface, and act as a router between 203.0.113.138 and 10.0.1.0/24 (to use the previous example). The WAN interface will only forward internet traffic to/from your ISP, and the LAN interface will only forward 10.0.1.0/24 to/from your LAN. Public internet and your LAN will never be mixed on the same broadcast domain.
VLAN4 - I want a Guest WiFi that only has access to the Internet
You'll need a router / wireless access point that can assign different SSIDs to different VLANs. Since your OpenWRT router is also your wireless access point, you'll be creating two VLAN sub-interfaces on the wireless NIC of your router. For example, assuming your wireless NIC is eth1, you might have sub-interfaces named eth1_vlan1 (LAN) and eth1_vlan4 (guest). Since the only way to get onto your guest network is to join the Wi-Fi, there's no need to add VLAN 4 to any other interfaces on your router or switch.
I'm not sure whether VLANs are required for guest Wi-Fi access on OpenWRT. Some wireless routers have a Guest mode / client isolation option that requires no further configuration.
Easy: leave switching to the switches and routing to the routers.
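As an added worked example (not part of the answer above, and not taken from OpenWrt's or Cisco's documentation), here is one way to express that topology in OpenWrt's UCI configuration files: one L3 network per VLAN on the router, one DHCP pool per network, a guest SSID attached to a Wi-Fi-only VLAN, and the stateful firewall living on the router rather than the switch. It assumes OpenWrt 21.02 or later, that eth0 is the router port cabled to the Cisco trunk (on a router with an internal switch, substitute the port name OpenWrt gives it), that the trunk delivers VLAN 1 untagged (Cisco's default native VLAN) and VLAN 2 tagged, that radio0 is the Wi-Fi radio, and that the default wan interface and wan zone already exist. The VLAN numbers and 10.0.x.0/24 addressing follow the answer; the names cams, guest, br-guest and Guest-DHCP-DNS are my own choices, and the passphrase is a placeholder.

```uci
# --- /etc/config/network ---
# VLAN 1 (LAN) arrives untagged on the trunk, so the LAN bridge uses eth0 itself;
# VLAN 2 (cameras) arrives tagged and gets its own 802.1Q sub-interface.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '2'
	option name 'eth0.2'

config interface 'cams'
	option device 'eth0.2'
	option proto 'static'
	option ipaddr '10.0.2.1'
	option netmask '255.255.255.0'

# Guest VLAN 4 exists only on Wi-Fi: a bridge with no wired ports, the SSID joins it below.
config device
	option name 'br-guest'
	option type 'bridge'

config interface 'guest'
	option device 'br-guest'
	option proto 'static'
	option ipaddr '10.0.4.1'
	option netmask '255.255.255.0'

# --- /etc/config/dhcp ---
# One pool per interface; dnsmasq announces that interface's address (10.0.x.1) as the
# default router and DNS server, so the switch carries no DHCP configuration at all.
config dhcp 'cams'
	option interface 'cams'
	option start '100'
	option limit '50'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '100'
	option leasetime '1h'

# --- /etc/config/wireless ---
# Second SSID on the same radio, attached to the guest network; isolate stops guests
# talking to each other through the AP.
config wifi-iface 'guest_radio0'
	option device 'radio0'
	option mode 'ap'
	option network 'guest'
	option ssid 'Guest'
	option encryption 'psk2'
	option key 'CHANGE-ME-guest-passphrase'
	option isolate '1'

# --- /etc/config/firewall ---
# Stateful policy on the router: guests are only forwarded to wan; cameras can be reached
# from lan but cannot start connections to lan or wan (replies still pass, being stateful).
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'cams'
	list network 'cams'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'guest'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'cams'

# input REJECT would also block DHCP and DNS to the router itself; allow only those.
config rule
	option name 'Guest-DHCP-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'

config rule
	option name 'Cams-DHCP-DNS'
	option src 'cams'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'
```

On the switch side the matching pieces are exactly what the answer describes: the uplink to eth0 is an 802.1Q trunk (switchport mode trunk, preceded by switchport trunk encapsulation dot1q on older IOS that still offers ISL), the camera ports are access ports in VLAN 2 (switchport mode access, switchport access vlan 2), and VLAN 4 is never created on the switch because it only exists behind the guest SSID. After editing the files, restart the network, dnsmasq and firewall services on the router and confirm that a guest client gets a 10.0.4.x lease, can reach the internet, and cannot reach 10.0.1.1 on anything but DNS; that last check is the one that proves the stateful policy is where the answer says it belongs.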