The provider link enters the switch, the ISP vlan.
All other devices that should have white ip are connected to the same switch, to the ISP vlan.
You can connect a router in two ways:
1. Both physical ports are connected to a switch, one port with a white ip is connected to the ISP vlan, the second port is a trunk port (with subinterfaces), it contains all the vlans used in the local network.
2. One physical port is connected to the switch by a trunk (with subinterfaces), among other vlans in the trunk port there is also an ISP vlan, a white ip is nailed on the subinterface of this vlan. The second physical port remains free.
I don’t see any problems with the addressing offered by the provider, everything is ok there.
And where will the broadcast storm come from if you are connected to the provider with one link?
If the prov does not want to hit the network with 256 addresses per subnet - I can assume that in order to save addresses, then it should be prepared for the fact that the number of broadcasts on a particular port will be higher than usual, but, nevertheless, there is nothing wrong with that .
In fact, I inform you that I have about 20 branches connected according to the ISP - Switch - Router scheme and there have never been any questions regarding excessive broadcasts.

although these addresses are in a row, they do not fit into the same subnet

your ISP is weird. I don't even know that I was forced to issue addresses to the client like that. In my opinion, it's easier to issue / 30 for connection and / 29 to route ...
Can't you persuade the provider to issue it humanly?

The provider's physical interface is one Ethernet port.

Using only a switch without a router is fraught with the fact that on the provider's side, a broadcast storm and blocking work on my switch.

How to set up your network, which is part of the provider's network