Dynamic DNS is entirely different than DHCP (with or without a reservation) or Static IP.
DHCP is the automatic method for your camera to obtain an address on your network. Static IP is the other way — this is when you configure the device with the IP address information manually on the unit itself (camera in this case). A lot of IoT type devices do not even provide a means of setting a static (manually configured) IP address, but some do.
As long as your camera doesn’t have any significant bugs with DHCP, it should not cause problems to use DHCP. The DHCP reservation simply tells the DHCP server that you want to issue a specific/known IP address to a given client.
DDNS is a different thing — DNS is the “domain name system” which allows the domain (usually words like openwrt.org) to map to an IP address. Since many residential connections use dynamic IP addresses on the WAN, it may periodically change. The DDNS services simply update a domain you own to the latest IP you have on your wan. You can run these on OpenWrt (instead of your camera) and it should work flawlessly assuming the address is public and not RFC1918 or CG-NAT.
Please describe your reasons for this and the threat model you think is of concern. If you do anything personal at all on your phone, chances are that you are already treating it as a moderately or fully trusted device. Does your phone use your wifi when you are home? If so, your phone is already part of your home network.
Port forwarding from the internet to a device on your network means that you are exposing that device directly to the internet for hackers/bots to attack. Cameras and IoT devices are typically not very well secured and often have vulnerabilities that don’t get patched by the vendors. This means that port forwarding from the internet to your camera could expose your entire network if your camera gets compromised. (And this is to say nothing about the camera feed itself, unless you truly don’t care about the video being exposed to the world).
A VPN on the other hand, ensures that only devices with authorized cryptographic keys can connect. In the case of wireguard, the protocol itself only responds when the keys are correct, so if the keys are wrong, there is literally no response which means a very low attack surface.
Furthermore, you can use the OpenWrt firewall to limit what the VPN connection can access, so you can ensure that your phone (or anything else using the VPN) can access.
Using VLANs is a better way to secure your network if the camera itself could be a potential threat. But I think that this might be a bit more advanced than you’re ready for at this point.