In a very brief outline:
The most important thing to understand is what your threat model is. Do you
want it encrypted because you don't want someone to have access if it's
lost/stolen or are your adversaries nation state actors? An encrypted hard
drive is useful for preventing physical access, but once you've booted into
an OS the attack surface has increased enormously.
1) Jxself's recommendation will be the easiest way to do an encrypted
install, especially if you've never manually altered partitions before.
2) An unencrypted /boot partition will reveal some basic info such as what OS
is installed. Not necessarily important unless this information needs to be
kept protected for whatever reason as well. You have a libreboot system, so
the link root_vegetable provided will assist if you want /boot encrypted.
3) I agree with Root and Banana, you should be fine with a separate /home.
Separate /home, /var, /usr is probably overkill for your situation.
4) As mentioned, don't put a swap partition on an ssd (you can of course but
it will burn through the ssd much faster). In relation to encryption on an
ssd, there is another point to consider in passing through the TRIM command.
The TRIM command enables your ssd to have wear-leveling which increases the
total lifespan of the ssd. However, passing the TRIM command through the
encrypted layer will enable someone to perform analysis to see which sectors
on an ssd are and aren't used. Unless analysis is a possible threat, I would
choose to pass TRIM through.
5) The link Legimet provided to the Arch-wiki is great for understanding
encryption in general.
Best of luck!