I got it working 
Turns out PIMD isn’t so great after all. I had to install Avahi and tick the option for Repeat mdns packets across subnets …
… After a quite long session of debugging FW rules (thanks also to the link above) and running a packet capture on a spare RPI 4 where I installed HA and set up directly into vLan 3 (the IoT), and let the Packet Capture (from PFSense) run when I was installing ESPHome addon and opening the Webinterface, finding out that ADOPTion was available and the devices were listed and that the Packet Capture showed nothing interesting BUT the mDNS line.
At that point it was clear to me that the issue was:
A) PIMD not properly configured
B) PIMD broken
The answer was B.
Then, of course, because I use Linux (Fedora) and I forgot my IoT WiFi password (saved incorrectly into secrets.yaml), when adopting the Living Room device I ran into a few issues.
The most annoying was failed to execute 'open' on 'serialport': failed to open serial port. · Issue #4525 · esphome/issues · GitHub
But being I a man of culture and having lived the years of CLI (and still am), I fired up esptool.py and flashed the firmware that ESPHome created and installed, but failed to reconnect because the wifi password was wrong, but good guy ESPHome allowed me to download it for a later flashing.
I’m not sure if there are better ways to push the wifi configuration in it. I found flashing with esptool the faster way.