I’ll try to answer each question specifically, as there are a lot.
I’m not sure what the trust levels are of the default qubes (is vault the highest trust besides dom0? is untrusted the lowest trust?)
The colors of the qubes as well as the names do not have any real security implications. They are merely there to make it easier to organize whatever system of trust you want to use. Essentially, there is no difference in security between the “personal” and “untrusted” default qubes, and the only difference between “untrusted” and “vault” is that the vault doesn’t have networking set up. You can use whatever system of trust you want to use and just use the colors and names to help organize and keep track of them.
password management (I assume this is the purpose of the built-in vault qube?): why can’t I also use the Everyday qube for this? Is auto-type into a different qube even a possibility?
The default vault qube is simply a qube that does not have networking set up. The recommended use of such a qube is to store critical files (such as a password database, or documents that you wouldn’t want to risk being connected to a qube with networking).
Auto-type is also possible. The keybinds to copy and paste text to and from qubes are: first copy the text normally, then press Ctrl + Shift + C to copy the clipboard into the Qubes Clipboard, select the destination qube, press Ctrl + Shift + V to paste the text from the Qubes Clipboard into the destination qube’s clipboard, then paste the text normally.
Windows. Do I need multiple Windows qubes? does it even have a trust level compared with the other qubes?
You can install Windows in a StandaloneVM, where it will essentially act as a normal Windows installation with its own desktop environment and windows inside of it.
Again, it won’t have a real trust level and will just be another VM alongside the other VMs. It’s up to you to determine how much you trust a qube.
Perhaps some sensitive stuff that I would do offline and try to keep this qube isolated from the internet
This is the purpose of the default vault qube, but you can also create more qubes and choose not to provide networking to that qube by selecting “(none)” under “Networking” in the Qube Settings.
Also, I’m not sure if this is related, but if I’m trying out new software and don’t trust it yet, should I install it in a disposable, or in untrusted? and is there a way to move it to a qube with a higher trust level after I’ve (somehow) determined it is trustworthy?
Any software installed in a disposableVM will (obviously) be deleted once you close the qube. The same also goes for normal AppVMs as well. The normal way to install software is to use the TemplateVM’s package manager to install it, then shut down the TemplateVM and restart the AppVM. That way the software is installed persistently, but each AppVM will have its own configuration files for the software. The software will also be installed for every AppVM that uses that TemplateVM so you don’t need to install the same software multiple times for multiple AppVMs.
Hope this helps, please let us know if you have any more questions and don’t forget to check out the documentation as it is very helpful and useful.