Shutdown. When you save the state you obviously loose some of the live features. If you search the forum you can also find other issues related to saving the state like clock skew. It is in general not recommended independent of hypervisor or live mode.
You will find the standard linux logs under /var/log or /run/log. I think only the tor log would matter but unless you change something on purpose it won’t log connections. In most cases they are automatically rotated or cleaned during restart.
It makes more sense for Live mode on the Workstation because there most of the relevant stuff like browsing, chatting … happens. You can of course also use it on the gateway but imho it is less likely to be attacked.
You should not always use live mode. In particular not during the first boot because then you will always go through the whonix setup procedure. Also for updates you need to boot the VMs in persistence mode.
Unless you always boot into live mode probably not. This could only happen if you install grub-live by default in the images and a user always boots this mode.
atm you boot into persistent mode and Tor should set the entry guards. I don’t know how tor checks if the ~3 months are over but in theory, if you at some point boot into persistent mode after the 3 months, you should get a new guard node.
Not sure what you mean with “too late”. When you boot into persistent mode after ~3 months you get a new guard. This is normal behaviour. It should stay the same for the next three months no matter if you boot into persistent or live mode.