i don't want to confuse you, maybe my wording is misleading (or i am totally wrong) but:
while you can have multiple ip address (L3) assigned to an L2 device, but a bridge device allows all members to communicate each other, i.e. acts as a switch. like using the default config where all lan ports are combined into br-lan bridge device (and an interface is assigned to this bridge) clients connected to any member ports can access each other.
i am not sure, this should be tested, if you have a bridge network with two interfaces in different zones what happens for example with firewall rules creation. usually generated fw rule set has a zone_input, zone_output, zone_forward structure but the logical interface names are references with their respective device names in the fw rules. so not sure the two interface on top of the same L2 bridge device how would be handled, e.g. if both sets of rules are generated pointing to same device, the order of rules would matter in this case i think.
so i'd suggest to rather fine tune your existing setup with smcroute, i.e. two bridges (lan1+2; and lan3+4), assign interfaces to each in different zones (lan+iot); allow lan -> wan+iot and iot-> wan and with smcroute allow multicast from iot to lan. this might help.
but either way, must be tested. i hope though someone smarter will come with an easy solution for you.