Smart Home devices on isolated sub-network without internet access - possible?

In addition to Bob's comments, your network really requires a router and managed Ethernet switches that support VLANs. By contrast, the AirPort's guest network is a very simplistic VLAN with very little administrative control.

Isolating your IoT devices would also require that you can configure firewall rules on a router to prevent these devices from accessing your "main" network, but still allow access from the main network to the IoT devices for administration.

FWIW. I had networking requirements where I needed to isolate my media devices, game consoles, and IoT devices. I was easily able to do so by creating individual VLANs for each of these types of devices. In my case I replaced my Apple routers with networking gear from Ubiquiti. However, there are a number of other vendors out there that can work as well. It really depends on how comfortable you are with networking configurations beyond simple "plug and play."

Last question first.......Is it possible to have a wifi sub-network without internet access on my Airport Extreme where I can put all the smart home devices on and still be able to reach them from my iPhone/Mac which is on the main wifi network with internet access?

No. This might be possible with some really advanced port forwarding setups on a fully featured router, but not on the AirPorts.

Do Smart Home devices / HomeKit devices (just Lightbulbs and plugs) need internet access to function or is it enough to have them on a wifi network (without internet access)?

The answer will probably depend on which particular device that you are asking about. Check with the support folks for the devices that you are using.

The camera system here does not operate correctly when it does not have an Internet connection and devices are simply connected to the WiFi. Other devices may behave differently though depending on how the devices have been designed to operate.

Timed Access is there to control the specific times that you want a given WiFi device to be able to connect to the wireless network.

For example, you want to limit Junior and his iPhone to the times that he is allowed to connect to the WiFi network between the hours of 4 PM to 10 PM Sunday through Thursday and between 8 AM and 11 PM on Fridays and Saturdays. The iPhone will not be able to connect to the WiFi network at any other time.

So the only option would be to setup the AirPort Extreme with the Guest Network VLAN and put all the smart devices on there - then they would be somewhat isolated from my main network (though just rudimentary due to the AirPort Extreme's limited capabilities) and still have internet access and be reachable from my iPhone/Mac from the main wifi network, correct?

No, since you asked in your first post.........Is it possible to have a wifi sub-network without internet access on my Airport Extreme where I can put all the smart home devices on and still be able to reach them from my iPhone/Mac which is on the main wifi network with internet access?

Devices on the "main" WiFi network will not be able to access devices on the "guest" network and vice versa. The reason for this is that Apple has designed the guest network to allow guests to be able to connect to the Internet, but they will not able to "see" or "access" any of the devices on the main WiFi network. And WiFi devices on the "main" network will not be able to "see" devices on the guest network. Nature of the beast.

For example......your printer is on your "main" WiFi network and you have set up a "guest" networks for guests. Guests will be able to connect to the Internet, but they will not able to print while they are on the guest network because the printer will not even be visible to them.

As Tesserax and I have mentioned, you can likely do what you want with professional equipment and a pro like Tesserax to know how to set up everything.