There shouldn’t be any conflict, if your ISP’s router provides DHCP on 192.168.1.0/24 and OPNsense provides DHCP on 192.168.10.0/24.
There will be double network address translation (NAT), for any computer connected to the 192.168.10.0/24 network, single NAT for any device connected to 192.168.1.0/24.
If your device you connect to 192.168.10.0/24 asks DHCP for an address and leases 192.168.10.100, it really has no concept of what is outside of that 192.168.10.0/24 network. The same goes for anything connected to 192.168.1.0/24.
Outgoing traffic would get routed up through both networks, with the router/gateway navigating for you the routing up and out of each network until it leaves your network if bound for the internet.
Incoming traffic would, unless previously accompanied by outgoing traffic that could get stored and retrieved (NAT table), have to be set up to allow that traffic (port forwarding is one method) to that specific host, and specified in both locations (ISP router and OPNsense).
So if unsolicited traffic came in destined for your ip (let’s say 5.5.5.5) on port 1234, you could have an entry that specifies that port should forward to 192.168.10.1:1234 (opnsense). Once it reaches your OPNsense instance, it also needs information on where to send it, so you have another port forward record to forward it to the specific computer you want it to go to (192.168.10.100:1234). Otherwise the router receiving the incoming request for 5.5.5.5:1234 has no idea where to send it.
So 5.5.5.5:1234 hits isp router,
first NAT of 5.5.5.5:1234 => 192.168.1.100:1234
second NAT of 192.168.1.100:1234 => 192.168.10.100:1234
and it finally makes it to your computer
I’ve solved this at least two different ways, depending on what options your ISP gives you.
The first (best) way was to set up the ISP’s device to be as dumb as possible and only provide the means to connect over the ISP’s change in medium (ethernet cable to coax) and let my router ask the ISP for an IP directly. I’ve done this for Comcast, ATT (before they got the new, unhackable routers with no bypass method for EAP), Spectrum, probably a few more, too.
The second way, mainly with AT&T, because they force you to use their EAP authenticated device on their fiber network, is to set up IP passthrough. Your router behind the ISP’s router (still does translation but…). My router gets a public IP (and a static IP block, which I can assign to vlans or devices directly), which flattens my network a bit.
VLAN tagging can be an option, but it might be overkill for what you’re trying to do (requires some networking knowledge or lots of time banging your head and learning it as you go).