Answer to question 1 :Yes,there is no law prohibiting that, cipher alone is not a problem for them. Simply posting articles related to encryption technology also never get you caught, in fact, cryptography courses are taught in a number of colleges and Universities, in my University, Bruce Schneier's book is used uncensored,along with all of the original programs provided in a printed form.
Answer to question 2 :Theoretically, the law requires you to apply for a certificate even if you just want to operate a website with your own domain name. Although it's ratherly enforced, when it's it really is a disaster. I knew that there were two entire IPCs being disconnected for just several defunct websites without certificates. The authority to grant the certificate is the Ministry of Industry and Information Technology.
Answer to question 3 :They're potentially able to do so, but I have never experienced any HTTPS connection being dropped personally. The biggest problem for me is that most of those still unbanned "suspicious sites" don't provide HTTPS support. You know their first priority is intercepting the keywords rather than the HTTPS connections.
Answer to question 4 : As far as I know, they are not able to decrypt your traffic if you use HTTPS, however ,they have a IP blcklist so it doesn't make a difference for sites already banned.
Answer to question 5 :There is no government authority claiming responsibility for operating the GFW(actually this is mostly the responsibility of telcos), you don't need to fear of retribution even if they go after you because you can always claim you don't know the site is banned, as they simply reset your connection and there is never a warning message of any kind sent to you(this comapred to Iran where a warning message is displayed).In conclusion, just browsing "reactionary sites" doesn't pose a threat of any kind to you, but if you want to operate one, well, that depends on who you're.