Pihole comes with a list of ads and trackers by default, but not with a maintained list of porn domains. There are more people working on getting trackers blacklisted than there are people scouring the web for new porn sites for free.

Pointing pihole at a porn blocker seems like a good combination of the best of both worlds to me.

Your router must support outbound NAT in order to force all connections on a specified port to a specified host.

If your router doesn't have that feature, there's no way to do it.

You could double-NAT with a second router (apparently causes problems with some things like consoles, although I’ve never had a problem).

Double NATting is underrated. I have zero problems with it and I like the buffer zone (subnet) between the ISP's Gateway/Router and my home network. Should the ISP's device have a known Zero Day exploit then it won't affect my home's subnet. Then there's all the additional stuff that can be done on your own router and also use DoH to ensure that a compromised ISP-router can't rewrite your DNS queries. Plus your ISP's router won't be able to gather statistics about the devices in your home, in case it would do that. I don't trust ISP-provided devices at all.

can the pi zero as pi hole for example itself be the second router and pi hole at the same time?

What would that feature be listed as on the back of the box/spec sheet?

It's extremely unlikely that any consumer router would support it.

If you really want to force clients on your LAN to always use a specified DNS server you're looking at a more enterprise-y router solution, probably something running pfSense or OPNsense.

MITM port 53 traffic