Those are the default rules which apply should no other rule pre-empt them. Rules are considered in order. The first one in the list with matching conditions will accept or reject the packet. If there are no matches, finally the zone default is used.
Forwarding between zones always requires a specific rule.
The INPUT of guest zone however is not about inter zone. It is about ingress traffic from the guest interface to the device. Traffic that has final destination the router. Traffic that will not be forwarded to another router.
OK, lets say I set "input" an the guest zone to "reject". That means, the client connected to the "guest AP" will get no DHCP, DNS from the router. But if I set static IP and DNS to ISP on the client, traffic to "openwrt.org" over https would be allowed? (Assuming all other settings are correct)