Not sure which version you are referring here.   AFAIK latest aem does not use underscore instead lodash.

https://helpx.adobe.com/experience-manager/kb/workflow-monitor-via-jmx.html

Yes crypto token avoids to use sticky issue.  Note http Sessions are server side sessions and hence violate the sessionless principle of REST and therefore should be used with care.  Crypto token will  not solve http session for that you need to depond on application server.   In aem with the defaul...

https://campaign.adobe.com/webApp/adbePriorityProductSubscribe

Use Closed user group. https://docs.adobe.com/docs/en/aem/6-0/administer/security/cug.html

Refer https://helpx.adobe.com/aem-forms/6/getting-started.html

Install the hotfix 6760 and verify. Otherwise file a support request.

Just set the acl & automatically it will filtered. because indexing happens at repository level [1], ACLs are handled by the Oak query engine.  When you execute a query Oak query engine is called & automatically applies the permission.

Make use of productRolloutHook & override it.https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/com/adobe/cq/commerce/common/AbstractJcrCommerceService.html#catalogRolloutHook%28com.day.cq.wcm.api.Page,%20com.day.cq.wcm.api.Page%29

Install the Hot fix 6561[1] then create a suggestion index. [1]  https://helpx.adobe.com/experience-manager/kb/aem6-available-hotfixes.html[2]   http://jackrabbit.apache.org/oak/docs/query/lucene.html#Suggestions