Any router from a mainstream brand is likely fine; just don’t enable any of their “cloud” BS and don’t use their smartphone app. I’ve had good luck with Asus; they have an app but you don’t have to use it at all.
For security, try to enable WPA3 on your Wi-Fi networks; otherwise WPA2 is probably fine unless you’re being targeted by a government-sponsored hacking operation. Choose a long password for your network.
Once you get it up and running, then worry about DNS and PiHole and VPNs and all that. Don’t get in over your head.
I’ve been running PiHole for a while; in short, it’s your own DNS server that’s configured to block DNS requests to known advertising domains. So when you load a website and it sends a DNS request to PopularAdvertisingCompany.com to load an ad, PiHole blocks the request so the ad can’t be loaded. It’s useful for devices that you can’t put an ad blocker on, like iPhones and smart TVs and such, but it can’t block stuff like YouTube ads ’cause they come from the same domain as the videos themselves.
It also has bonus features like DNS caching which can speed up web browsing.
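Added example, not part of the original post and not Pi-hole's own code: a simplified Python model of a DNS sinkhole with a cache, showing that the block decision is made on the queried name alone, which is why ads served from the same domain as the content pass through. The domains, addresses, the `Sinkhole` class and the exact-match, answer-with-`0.0.0.0` behaviour are assumptions made for illustration.

```python
# Simplified model of a DNS sinkhole with caching (illustrative; not Pi-hole's code).
import time

# Constructed hosts-format blocklist; every domain here is a placeholder.
BLOCKLIST_TEXT = """
# ad and tracking hosts
0.0.0.0 ads.popularadvertisingcompany.example
0.0.0.0 tracker.example.net   # trailing comment
"""

def parse_blocklist(text):
    """Return the set of blocked names from hosts-format lines."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            blocked.add(line.split()[-1].lower().rstrip("."))
    return blocked

class Sinkhole:
    def __init__(self, blocked, upstream, ttl=300, clock=time.monotonic):
        self.blocked, self.upstream = blocked, upstream
        self.ttl, self.clock = ttl, clock
        self.cache = {}                        # name -> (address, expiry)

    def resolve(self, name):
        """Return (address, source); source is 'blocked', 'cache' or 'upstream'."""
        name = name.lower().rstrip(".")        # DNS names are case-insensitive
        if name in self.blocked:               # only the name is visible here,
            return "0.0.0.0", "blocked"        # never the URL path or content
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"             # answered without going upstream
        addr = self.upstream(name)
        self.cache[name] = (addr, self.clock() + self.ttl)
        return addr, "upstream"

# Constructed stand-in for the real upstream resolver (documentation addresses).
UPSTREAM = {"video.example.com": "203.0.113.10"}

def fake_upstream(name):
    return UPSTREAM.get(name, "198.51.100.1")

if __name__ == "__main__":
    dns = Sinkhole(parse_blocklist(BLOCKLIST_TEXT), fake_upstream)
    for q in ("ads.popularadvertisingcompany.example", "video.example.com",
              "video.example.com"):            # same host serves video and ads
        print(q, dns.resolve(q))
```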