Unless it is mission critical, I would suggest not to put hard limits to the CPU and memory.
The idea is that you will get stuck if both run out of memory, and that will happen if something really bad happens. A web server and a db have their own limits to the number of processes and dedicated memory. You can add some swap to buffer any unexpected issues.
You can shave off some memory if you use Ubuntu minimal container images, or Alpine (if you are familiar with this).
A web server does not use much memory compared to the db. With your VPS specs, you can easily have 7-8 websites, with shared DB in a single container.
b. The swap space is used when the system runs out of memory and decides to make space by pushing to swap space an inactive process. When you use hard limits, you may get that issue more often, and you needed most the existence of swap space.
If instead you do not use any hard limits, then some free memory from one website can be used by another website to deal with a momentary heavy load. But with hard limits, if one website has extra free memory, then that cannot be used by another container in need. I use buffer as a verb, in a sense that without hard limits, the free memory of one container can be used for the temporary needs of another container.
c and d. You mention PHP but not the CMS you will be using. I assume it is WordPress. In that case, you would primarily take backups from within WordPress. There are addons that work with WP-Cron that can be configured to automatically take backups and upload to another server (AWS, etc). That includes both the DB and content in /wp-content/. Those backup dumps can be imported in one go on a new blank WordPress site.
You may also take a separate full DB backup and upload it to another server as well, using some backup tool or shell scripting.
e. I do not see a strong case of using snapshots for backup when the websites are live. You may consider taking a snapshot of a good working state of the container as soon as you have installed WordPress (the CMS), so that if WordPress gets infected by some malware, you can restore the container from the snapshot, then restore the latest clean WordPress backup.