5) if you are following the BIP39 (that is to have the option to extend the mnemonic with a passphrase) you can't use simple SHA256 and have to use a KDF or even an HMAC function.
but i think the important thing is still to have a strong random initial entropy that creates the mnemonic.
This "passphrase" is (I guess) "custom word" in electrum and "BIP39 Passphrase (optional)" in
https://iancoleman.io/bip39/ ?
Just before generating address with derivation pass with
https://iancoleman.io/bip39/ :
Encrypt private keys using BIP38 and this password: [___________] Enabling BIP38 means each key will take several minutes to generate.
This is an equivalent for PBKDF2 iterations ?