May I suggest that you would take a look at some of the Cisco Live On-Demand presentations on this subjects that are available. That might give you a head-start.
For example, BRKRST-2619 from Las Vegas 2017 topic is "IPv6 Deployment: Developing an IPv6 Address Plan and Deploying IPv6 " and can be viewed online.
And there's a IPv6 addressing whitepaper available on cisco.com/go/cvd
That being said, to answer some of your questions.
The most common scenario is probably to use global (public) IPv6 address space internally, and I would recommend doing so and steer away from NAT.
The security issues are similar as with IPv4, you have to make sure that unwanted inbound traffic is stopped at the perimeter firewalls.
It may depend on the operating system and clients, but usually dual-stack systems will attempt to connect via IPv6 when both IPv6 and IPv4 are available.
Some applications (browsers mainly) have implemented "Happy Eyeballs"(RFC8305) so if a connection via IPv6 is unsuccessful it will quickly fallback to IPv4 without the user experiencing timeouts or errors.
I don't have the expertise to go deep into the DHCPv6 vs Stateless Autoconfiguration (SLAAC) topic right now. There are several things to consider there and one of them is that not all clients support DHCPv6.
Take a look at the "Comparison_of_IPv6_support_in_operating_systems" wikipedia article for reference.