1) Yes. By default the new core integrated H5P is set to
download updated and new content types and libraries from the H5P Hub
server via a Scheduled task.
2) Yes. This is controlled by the Scheduled Task "Download available H5P content types from h5p.org" (\core\task\h5p_get_content_types_task). This is on by default and runs once a month. If you prefer to control the content types and libraries yourself, then turn this scheduled task off, and use the "Manage H5P content types" in
Site admin > H5P instead to manually
upload the content type files and library files you need.
3) It is all or nothing. There is no option in the Moodle integrated activity to hide or disable a specific content type nor are there specific permissions for the content types. You either have them installed or not: If they are installed, then anyone who can add the H5P activity (by default, Teachers) can use all the content types. (N.B. This is different from the standard H5P "Interactive Content" plugin which does have the ability to restrict content types.)
4) "restrict certain users to the H5P activity" - You can do this in the roles by setting the various permissions for the activity as a whole, just as for other
activities. Search for mod/h5pactivity in the Roles to see the details. There are four main capabilities: view, submit (for Students), and add and review submissions (for Teachers).
5) "certain H5P resources within the catalogue" - Only Admins and Managers have the ability to manage the content types. By default, the Manager role can see and use the tool in
Site admin > H5P > Manage H5P content types, which is controlled by the capability "Manage H5P content types" (moodle/h5p:updatelibraries), set to Allow for Manager. This is all or nothing, too: there is no way to set it up so that some Managers, for instance, can manage some content types but not other content types. This permissions means they can add or remove any or all of them.
Hope this is helpful.