I don't see any obvious mistakes in this design.
With the small number of SSIDs, I think your choice is reasonable.
For completeness, this is the documentation about the other solution: dynamic VLANs.
I would tend to leave out the secondary router and rely on VLAN isolation in the switch and firewalling in the primary router. But this decision depends on various factors which were not discussed yet.
200 Mbit/s - is that the downstream capacity of the ISP line? How much is the upstream?
To ensure the network serves all clients equally well and with low latencies, I suggest to look at Smart Queue Management (SQM) for the primary router, and Air Time Fairness for the access point(s).
However, SQM increases the demand on the router CPU, which should be considered in the hardware selection. Some benchmarks have been posted, and there are threads with hardware recommendations in this forum.
How many access points will there be?
Are you planning to run them with vendor firmware or OpenWrt?
Will (some of) the SSIDs be available on more than one AP, and a smooth client handover between APs be desired?