The wifi-vlan and wifi-station config sections referenced work in addition to the rest of the configuration sections. Consider it an add-on/bolt-on feature. By default, the sections refer to any and all wifi networks present on the device. If you want to limit it to a specific ssid (and in your case you do), you also need to add a line to the sections:
option iface 'wifi-ifacename'
The iface referenced is the named wifi-iface. For instance, 'wifinet0' is usually the first luci-created wifi interface.
The following example sets up a multi-PSK configuration with the guest wireless being the primary and the LAN being a secondary. Any additional radios or SSIDs would be unaffected:
{radio definitions}
...
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'ExampleWiFi'
option key '*redacted*'
option network 'GUEST'
option encryption 'psk2+ccmp'
config wifi-vlan
option iface 'wifinet0'
option name 'secondary'
option vid '3'
option network 'LAN'
config wifi-station
option iface 'wifinet0'
option vid '3'
option key '*redacted*'
...