Seems to have worked OK in the main biw, but a bit of oddness with my upgrade process.
It seemed to be taking too long and I was a bit nervous (I was still waiting for pings 8 mins in) - so I hooked up a monitor to my appliance to have a quick look. As per the upgrade process it was refreshing the packages and it was reinstalling Snort, I'm not sure if this is an issue with the Snort package or pfSense....but....it was trying to download all the block lists/community rule sets for Snort etc BEFORE any interface had initiated, so the reason it took ages to come up is because every rule set was trying and timing out on the download, as expected...because it was trying to do it before it brought the interfaces up!
I did another couple of reboots after that and the same symptom didn't re-occur, so I imagine this was just an upgrade oddity and it sorted it's self out (just needed to be patient).
There is also a fundamental issue with pfBlocker, but this is resolved with a custom patch someone has made (see this thread - https://forum.netgate.com/topic/185207/24-03-development-php-fatal-error-uncaught-valueerror-range-argument-3) - Hopefully that's updated at some point to remove that issue from the main release.
The first thing I wanted to try, something I've been keen to test is the WAN Gateway failover...failback, and it works a charm. I don't know if anyone else uses Wireguard tunnels, but on a gateway failback these never, ever came back to the primary connection without pulling the plug on the backup connection - but now they do recover and swing back to the primary on gateway restore without any intervention. It does take a bit of time, 2-3 mins, so I'm going to look and see if there's anything I can do to improve it slightly - but it's still an improvement and removes the manual intervention.