Yes, GL.iNet routers have a VPN pane where you can simply enter the details of a WireGuard or OpenVPN server. I signed up for a free account at Proton, downloaded the configuration for a free WireGuard server, and installed it on the GL.iNet box. When I switch on the VPN in the router interface, all traffic flows through the VPN. I use it while travelling with my family. I can connect the travel router to the hotel or AirBnB wifi, then turn on the VPN (or not), then connect all the family devices to the travel router.
OP could do the same thing, assuming their router supports it, and set up a WireGuard VPN (much faster than OpenVPN) connection on the router and route all network traffic through it. A free VPN will always be slow and congested. A paid one is likely worthwhile in this case, especially if OP streams media.
It’s not necessary for the pihole to run over HTTPS, because that would only encrypt traffic between the pi and your device within your own network. When the pi doesn’t have the DNS that your device requests, it looks it up from the internet. You’ve probably set the DNS lookup servers in pihole. That’s a good start to avoid your ISP. The servers you choose may support DoH, and. you should use ones that do. That way, when the pi sends a DNS lookup to the internet, via your ISP, it’s encrypted by HTTPS so your ISP can’t inspect it.