Welcome @NixieGeek
First do you mean the Vivokey Spark 2, if so this will not suit all your use cases. The Vivokey Apex that is soon to be released will have much more functionality that should cover most if not all your use cases eventually. I will assume you are asking about the apex for the rest of this post but it is not out yet so the details will be loose as I am not “in the know” beyond teasers DT have released on the forum.
I think you are saying it is RFID not NFC? If so this is a very common misconception, so common in fact that we will usually understand what you mean. Having said that it is in everyone’s best interest to “nip it in the bud” 
so here is a post with more details:
Now I will go through each of your use cases for you hopefully it helps.
If you want to just store them securely the DF2 should work fine. If you want some sort of token exchange then the apex will likely be better suited for this. Having said that the DF2 has some encrypted session features that I am not to clear about that might apply here, sorry cant give you more info.
The DF2 is perfect for this, It has 8kB of storage and can store multiple encrypted files. The apex is also perfect and without going in to details has much more storage capacity.
Both the DF2 and apex should be perfectly capable of storing a vcard or any other NDEF data for you to scan with mobile phones.
I think the apex is your best bet here as I believe this is an out of the box use case, obviously depending on the sites supported MFA methods.
This depends on the lock. Each lock supports different protocols, if you are buying the lock to fit the implant I do not think it matters which implant you get from DT.
This much like the above depends on the type of chips your work access system uses. If it is LF then the NExT or xEM or flexEM (all have a t5577 LF chip but the NExT also has a HF ntag216). We would need more info to help you out with this one. If it is LF it is likely the t5577 based implants will work but not a guarantee.
Hope that helps