To clarify the answer to question 1, the requirement of operator logins is optional. We recommend you DO require credentials, but you are free not to. Either way, check the manual for IsValidEmail and set the appropriate whitelist / blacklist for email domains on the sponsor_email field.
There are no expiration options at approval time, no. You can setup a default short-term expiration in the registration form itself, and then extend this, with a fixed value, on approval. You cannot individually set a value though. In scenarios where you have a couple distinct sets of visitors (say Guests and Contractors), we recommend setting up multiple self-registrations with the expiration times set, and then add links on the landing page for them to choose. It would be on the sponsor to sanity check who they are sponsoring.