Regarding scenario 1 I'm not sure why you need to do VLAN tagging between FGT and a router. It should all be untagged IMO. But if there's a reason to do VLAN tagging then you need to ensure the VLAN is tagged both ways. You are tagging on the FGT side, are you tagging on the Router side too?
For scenario 2 (and 1), you are configuring FortiLink aggregate interface. This means the router needs to be configured the same. This is LACP, or 802.3.ad. Is router configured for LACP as well? If not, don't use aggregate interface type on FGT side.
The only important thing here is that you have L3 reachability to the FGT FortiLink interface from your downstream devices. Once that is in place you can configure DHCP discovery or static discovery of the FortiLink interface on HQ FGT for your FortiSwitches at the Branch site.
FortiLink interface is used for management *and* traffic. It will manage the switch configurations and also will receive inter-VLAN traffic for VLANs that you have defined on the HQ FGT with IP addressing.
This is why I suggest a dedicated standalone L3 FortiSwitch (or third party switch/router) at the branch to handle inter-VLAN routing so you don't backhaul your inter-VLAN traffic from Branch to HQ and back to Branch.
This is also why I suggest a dedicated FGT-60F or greater to act as your Branch L3 "core" and switch controller.