I wouldn't bother with multisig if you don't need control among multiple people.

This is a good starting point: https://btcguide.github.io/

If you prefer to listen rather than read: https://stephanlivera.com/episode/215/

Whilst the signing devices on offer for multi-sig, and Sparrow as probably best-in-class bitcoin wallet, are all new since Michael Flaxman wrote (and recorded) this, the reasoning and comparatives of single sig v multi-sig are really useful to work through

There is not a solution that fits all the scenarios.

IMO, a hardware wallet with a passphrase is a good solution. Also you can have some SATs protected only with the seed and not the passphrase for a wrench attack scenario.

If the amount of SATs is big, maybe consider to have another device (different seeds) with the same set up.

Black up your seeds in metal and also in two different locations.

Paper wallet.

Definitely passphrase. That's what it's for.

No shame in using Casa or similar services (Blockstream Jade or Green has something)

2of2 multisig. Don't need to worry about the xpubs.