ESP32 & single pair ethernet (IEEE 802.3) or CAN Bus communication instead of Wifi

That’s a shame because wifi is well suited to tasks like this. May I ask, do you distrust wifi for concerns of reliability, concerns of security, or is this some form of irrational radiophobia? I can’t help with the latter (speak to a psychologist about that) but the first two are tractable concerns.

Reliability: It sounds like you’re being thorough in deployment of wired networking. This means your wifi network isn’t going to be under any strain. When building out, make sure you include cable drops for an appropriate number of PoE-powered APs. With multiple well-placed APs you can get excellent coverage so you can lower the transmit power down.

Security: This is a valid concern. You’re already well ahead by preferencing open source software like ESPHome over dodgy commercial solutions. Nonetheless I personally keep all of my NOT (network of things) devices on their own SSID on their own VLAN. My router is configured to only allow specific traffic to flow in and out of NOT. They can’t access my LAN or my WAN—all they can see is HA and ESPHome on my docker server and an Avahi mDNS reflector on my router (for mDNS discovery). And they can accept inbound connections as long as they are sent from my desktop.
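
The segmentation described in the post above, sketched as an nftables ruleset. This is an added example, not the poster's configuration and not part of the original post. It assumes a Linux router running nftables; the interface name, both addresses, the DHCP rule and the use of the default Home Assistant (8123) and ESPHome dashboard (6052) ports are all assumptions.

```nftables
# Added example with constructed names and addresses (assumptions, not from the post).
define IOT_IF  = "br-iot"        # assumed: interface carrying the IoT SSID's VLAN
define DOCKER  = 192.168.10.20   # assumed: docker host running HA and ESPHome
define DESKTOP = 192.168.10.50   # assumed: the one desktop allowed to reach devices

table inet iot_segment {
    # Traffic routed THROUGH the router.
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Not IoT traffic in either direction: leave it to the rest of the ruleset.
        iifname != $IOT_IF oifname != $IOT_IF accept

        # Replies belonging to flows that were allowed to start.
        ct state established,related accept

        # IoT -> docker host: Home Assistant and the ESPHome dashboard only
        # (default ports assumed).
        iifname $IOT_IF ip daddr $DOCKER tcp dport { 8123, 6052 } accept

        # Desktop -> IoT devices: the only new inbound connections allowed.
        oifname $IOT_IF ip saddr $DESKTOP accept

        # Everything else touching the IoT VLAN (LAN, WAN, other hosts) is
        # logged and dropped, so a blocked device shows up in the logs.
        log prefix "iot-fwd-drop " counter drop
    }

    # Traffic addressed TO the router itself.
    chain input {
        type filter hook input priority 0; policy accept;

        iifname != $IOT_IF accept
        ct state established,related accept

        # Avahi mDNS reflector on the router.
        udp dport 5353 accept

        # Assumption: the router hands out DHCP leases on this VLAN.
        udp dport 67 accept

        # No DNS, SSH or web UI on the router for IoT devices.
        log prefix "iot-in-drop " counter drop
    }
}
```

The syntax can be checked without loading it using `nft -c -f <file>`; the counters on the two drop rules show whether a device is trying to reach something outside the allow-list.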