Hi @tychecollective,
Welcome to the community 
If you haven't already I suggest looking at: Reentrancy After Istanbul.
I suggest only including functionality in a smart contract that is required for the life of the smart contract. If you have sale functionality for a token, then assuming the sale isn't for the life of the token, then you may want to consider adding the sale functionality to a contract dedicated to the sale and leave the token as simple as possible. ERC20 crowdsales are an example of this: https://docs.openzeppelin.com/contracts/3.x/crowdsales
I am definitely not an expert on reentrancy, I am a Community Manager and not a Security Researcher.
If at any point of execution we are unsure whether our contract’s invariants hold or not, we should avoid calling other (untrusted) contracts, because they could re-enter. If we have no choice but to do so, we can try to prevent reentrancy by using a reentrancy guard.
_From: https://forum.openzeppelin.com/t/reentrancy-after-istanbul/1742_
I assume these would generally be checks (no state change) or effects (state change). Though a parent contract could potentially call an external contract.
_mint is an effect (state change), so is the increment and are both internal to your contract. You have grouped your effects together.
If you are calling an untrusted contract, then yes. If you are calling the parent then this is internal and should generally be ok.
These should be fine, again, you need to be concerned about calling an untrusted contract.
I am not sure what they are classified as, but you are emitting an event which can't be used to call an external contract.
As a general note, contracts with value should be appropriately tested and audited.