That’s correct.
Yes, since app token authorization is used here, we would not restrict which users you are subscribing for (given you have their proper authorization).
No, that limit is specific to WebSocket subscriptions. Conduit subscriptions would follow the existing generic subscription limits.