1) is not a big concern. Standard operating procedure is to establish health of the cluster before any manual failover, therefore, as long as procedures are being followed, you are not going to see this crash
2) Yes, NAT-T is supported for remote peers. Your central HQ "VPN Hub" should be reachable on a direct public IP, of course, the same way that ScreenOS behaves.
One of the biggest challenges for SRX today, particularly when clustered, is UTM stability and behavior during failover. If what you have in mind is basic Layer 4 firewalling + IPSEC, it will work great.
Also keep in mind that "dual ISP without dynamic routing protocol" is supported today, but difficult to set up, and with limitations. If you use BGP towards your ISPs, you are golden; ditto if you only have one ISP.