Hey @NuP and @Hoamboy!
The sonos speakers work at layer 2 for discovery. The guide you have linked is a tool to help users setup their wifi networks in a bridge mode, meaning they pass wifi traffic at layer 2 onto the switch, making the sonos devices discoverable. A guest mode or NAT mode wifi network would strictly prevent this.
That all being said, because the sonos speakers work at layer 2 - they are discovered by any devices on the same network. Let us assume the sonos speakers are on VLAN 100 - any device on VLAN 100 should be able to discover them. If you have a wifi network configured for VLAN 100, any wifi device connected to that wifi network would discover the sonos speakers. If you connect to a different VLAN on a different wifi connection, the devices would not be able to discover the speakers.
Unless Sonos has a way of multi-homing the network access and let certain speakers participate on certain networks, I don't think you can achieve precisely what you want.
You could connect a set of sonos speakers to the "customer" network, and make sure the wifi for customers only reaches these sonos speakers (and not others on another network). However, you couldn't get your 3rd bullet point of having staff see all speakers on one network connection without giving everyone the same level of access.