How extensible can I make my installation in terms of sub domains and restricting membership to them?

I think I would probably l go with a multisite setup and create a separate subdomain with its own Discourse for each community. A single instance will be enough to start, and when you have more users than a single instance can handle, you’d have enough money coming in that it wouldn’t be a problem.

The setup described at Setup Multisite Configuration with Let's Encrypt and no Reverse Proxy is actually pretty simple. I’d probably add databases some way other than having launcher do it, especially if I were adding them often, but it should be good enough to get you started.

And if you want each community to be its own world, then you may not need or want a single authentication source, so maybe what you want is easier than I’d first thought.

It’s unclear if you’re planning to start with 20 sites or 2,000. If it’s 20, then the above solution is good enough; if it’s 2,000, you’ll likely want something more sophisticated.