Ubiquiti Unifi is pretty good. We have one point held more than 90 people and did not sneeze.
So far, seamless roaming does not work very well (the one with zero switching), besides, it requires transferring all points to one channel, so you have to place them at the edge of audibility. It works for us without it.
Also, do not expect that if you set the Long Range point, your coverage will become much larger. The power of the client's transmitter makes its own adjustments. You will hear the dot, but you will not use it.
There is a cool thing with guest wifi. Give out the Internet for vouchers. Previously, it was possible to issue only with a time limit, with a recent update, you can also limit the speed.
Injectors are included.

It is possible to give an answer so that everything is done "in the mind" only after the examination.
Are you far away? If Moscow / Moscow Region, then I could call in to advise (I don’t take money for asking). I have been involved in SCS for 12 years and during this time I have accumulated a decent number of solutions, as well as a bundle of discounts from suppliers (cable, cameras, ATSki, etc.) from 15 to 50%, which I can provide for your project.
PS I myself like to do such projects, that's why I offer to help.
Contacts in profile.

Firstly, RDP will slow down on any network with any hardware when viewing multimedia content. If you hang it with ruffles like RemoteFX and virtualized GPUs like Nvidia GRID, it will become a little easier, but not enough to recoup the financial costs. Want a lossless thin client - look towards PCoIP. And the costs of finance in this case, again, will not be beaten off.
100 Mbit on access is normal. RDP will hardly even accelerate to a hundred (I checked - I managed to almost overclock a hundred when connecting two 1080p monitors and twisting all the graphics in the RDP settings to the maximum + watching two videos from YouTube at 1080 and
60 fps ) painted well.
PS when I was faced with a similar task (although there were more users), I scored and bought old bushy procurve 2650/2610/2824 in double the amount required. The whole project was included in the cost of a single Cisco 2960-48, and the warehouse still has hardware for one more of the same grid. Now the price has dropped even more, I recommend to consider this option.

if possible, completely abandon WiFi and install network equipment in offices - make a classic wired star. segment the network - users, printing, cameras into different VLANs. if the budget is enough, try to take stackable switches, then two with a common control plane will be enough for everyone. in such variant it will be easier with routing between vlana. if the budget is not enough for the stack, then try to combine the switches with optics - the speed is the same, the bandwidth is different. what kind of firewall and is it planned to be replaced? this is a question about routing - do it on it or look at switches with L3 support and route to them (it will be enough just to enable routing, connected networks will start to be routed).
I would also recommend thinking about separating file storage and backup storage on different devices so as not to lose everything in one day. here you can see something like kunaps that can replicate on a schedule and / or online and are built into AD with the distribution of rights to domain groups and users.
the main problem of the existing network is the common broadcast domain. traffic from cameras and printers can be blocked by user traffic. VLAN capable equipment will eliminate this problem. if it will also be able to QOS, then critical traffic can be additionally prioritized if the need arises. if without hubs in the offices there is absolutely no way - try not to mix users and printers on them. then it will be possible to shove the hubs into different VLANs and, accordingly, separate the broadcast domains.
well, pay attention to what network services are enabled on printers - disable everything that is not needed.