A lot of info here already, but just to answer your specific questions:
The situation you’re describing is exactly what a reverse proxy is designed to simplify. If you’re using ERPNext with a standard production setup, you’ve already got a reverse proxy.
NGINX sits on the public edge of your server, listening to standard web traffic ports like 80 and 443. Then, based on a set of rules you define, NGINX will proxy (route) traffic to the internal interface of whatever services you want to offer. In this case, it might route some traffic to metabase (localhost:3000) and some traffic to Frappe (typically localhost:8000).
There are several ways for web requests to communicate which service they want, but the most common are to use different ports or different domains. For production setups, domains tend to be preferred. You might, for example, tell NGINX to route all traffic to edc.companyname.co to ERPNext and all traffic to mb.companyname.co to Metabase.
I tend to prefer separate certificates, but it doesn’t really matter. You can instruct certbot to expand the certificate you already have or you can create a new one just for metabase. The effect is the same as far as the end user is concerned. If you’re letting Frappe handle the certificate generation, it’s probably easier to create a separate one for Metabase. If you’re generating the certificate yourself, it doesn’t really make a difference.
If you want to serve metabase from a different domain name, yes.
If you want to skip the reverse proxy and just expose Metabase to the world directly, you should be able to do that too. I don’t know enough about Metabase to know if this is a recommended approach.
Personally, I just find it cleaner to use a reverse proxy. DNS does a great job of what it’s designed for, which is to give abstraction and flexibility to server deployments. If you just serve Metabase directly from https://edc.companyname.co:3000, it will potentially be more complicated down the road if you later decide that you want to run the two applications on separate machines.