You don't necessarily need VLANs if your Wifi access point and your router are one and the same device. Of course you need to define a "guest network" alongside your regular LAN, that's all quite exhaustively covered in the various "how to make a guest wifi" tutorials. But they both never leave the device, so you don't need to care about segregating different networks on a single connection, which is what VLANs are for.
If you want to serve both regular clients and guests from one single wifi SSID, you need to make your guest network not just a single (unmanaged) network interface but a bridge to which hostapd can attach its (internal) wifi device, and state that bridge as a third parameter in vlan_file. Only hostapd-internally it will, pro forma, have a VLAN ID.