You can run the ConfigMgr console from your WSUS server, then it will download the SU via WSUS server. But if you are asking can ADR do it? No, you will need to allow for proxy traffic.
Did you read the docs? https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/about-discovery-methods What is unclear with them?
I don't understand how it will be easier if you move it later. This will be no less work if it on one drive vs have parts all over the place. But is it wrong to break it up like this No, it is not but it will use more space.
Is this a VM? if so that is a lot of broken up drive and will give you almost zero benefit. Create a C (os only) and D (virtual DVD), E (everything else) drive and be done with it.
There is no option to force people to change their pin every 30 day, you will need to write a script to do this with a custom interface. Personally I would NOT be doing it that often.
Yes, there are at least 4 bitlocker repot within CM. No the report should be there BEFORE turned on bitlocker.
You will need to review the CM reporting point logs to see what the deal is.