How does smart card logon certificate enrollment work?
Posted by Purple___Flame@reddit | sysadmin | 5 comments
Hello, I've been able to create a working smart card logon template and managed to issue a certificate which was promptly written to a USB token, so it does work, but I'm left with a few questions.
The current enrollment process: as I have read/enroll permissions, I request a certificate from my PC's certificates console and write it to USB (it just automatically prompts for it). Is that normal? The Certsrv web interface doesn't see my template for whatever reason, so I'm unable to use it.
Am I right to assume that "Build from this Active Directory information" in the Subject Name tab of the template properties means that the user who requests the certificate is also the user the certificate is for? In that case, how can an admin request a certificate for another user?
Lastly, how would certificate renewal even work (or not), considering we use USB tokens? Can they even automatically get new certificates, or is it simpler to do it manually?
picklednull@reddit
Sounds like you should read the feature documentation?
Yes.
There is no way to enroll inside a web browser, browsers don't have the APIs to interact with smart card hardware (other than via the OS certificate store) and HTTP doesn't provide support for enrollment either.
Also, the certsvc web interface is basically useless and a massive security liability unless hardened appropriately. You should just remove it.
Enrollment agents and "enroll on behalf of" in certmgr.msc.
User policy GPO that enables automatic certificate management, same as for computer certificates. But it sucks and users will only get balloon notifications about expiring certificates and they still need to manually enroll.
You can allow a user to renew based on existing certificate though.
theRealTwobrat@reddit
It's worth stating again: you should take this advice and disable the HTTP interface, OP.
Purple___Flame@reddit (OP)
Do I straight up remove it from IIS Manager? I've enabled "Require SSL" for now, so it's no longer opening.
theRealTwobrat@reddit
So long as you are not using web enrollment for anything, you can disable those websites. Otherwise, the full steps to mitigate are here: https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
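An added, read-only audit script (not posted by anyone in this thread) that checks the two settings KB5005413 pairs for the CertSrv web enrollment app, Require SSL and Extended Protection for Authentication, and optionally removes the role service as the thread recommends. It assumes the app sits under the IIS installer default 'Default Web Site'; the function and parameter names are mine.

```powershell
# Added example, not from the thread: audit AD CS Web Enrollment (/CertSrv) against the
# KB5005413 hardening (Require SSL + Extended Protection for Authentication), with an
# opt-in removal of the role service. Run in an elevated session on the web enrollment server.
Import-Module WebAdministration

# Get-WebConfigurationProperty returns either a bare value or an object with .Value,
# depending on the attribute type; normalise both to a string.
function Get-AttrValue($attr) {
    if ($null -ne $attr -and $attr.PSObject.Properties['Value']) { return "$($attr.Value)" }
    return "$attr"
}

function Test-CertSrvHardening {
    param(
        [string]$Site = 'Default Web Site',   # assumption: default IIS site hosts /CertSrv
        [switch]$Remove                        # uninstall the role service instead of auditing
    )
    $feature = Get-WindowsFeature -Name ADCS-Web-Enrollment
    if (-not $feature.Installed) {
        return [pscustomobject]@{ Installed = $false; RequireSsl = $null; EpaRequired = $null; Exposed = $false }
    }
    if ($Remove) {
        # The thread's advice: if nothing uses web enrollment, remove the endpoint rather than harden it.
        Uninstall-WindowsFeature -Name ADCS-Web-Enrollment | Out-Null
        return [pscustomobject]@{ Installed = $false; RequireSsl = $null; EpaRequired = $null; Exposed = $false }
    }
    $location = "$Site/CertSrv"
    # Require SSL: sslFlags must include 'Ssl' (reported as e.g. 'Ssl, SslNegotiateCert').
    $ssl = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
              -Filter 'system.webServer/security/access' -Name 'sslFlags'
    $requireSsl = (Get-AttrValue $ssl) -match 'Ssl'
    # EPA: tokenChecking must be 'Require' so an NTLM handshake relayed from another
    # TLS channel fails channel binding instead of being accepted.
    $epa = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
              -Filter 'system.webServer/security/authentication/windowsAuthentication/extendedProtection' `
              -Name 'tokenChecking'
    $epaRequired = (Get-AttrValue $epa) -eq 'Require'
    [pscustomobject]@{
        Installed   = $true
        RequireSsl  = $requireSsl
        EpaRequired = $epaRequired
        Exposed     = -not ($requireSsl -and $epaRequired)   # Require SSL alone is not enough
    }
}

Test-CertSrvHardening | Format-List
```

`Exposed = True` with `RequireSsl = True` is the state OP describes: SSL is enforced but EPA is still off, so the KB5005413 steps (or `Test-CertSrvHardening -Remove`) are still needed.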
Purple___Flame@reddit (OP)
Thanks