Does querying the DNS Seeds via TOR return .onion addresses? If not, then if my node is a TOR only node, does it always get the .onion addresses to connect to, from the hard-coded list?
Additionally, are the DNS queries encrypted or in plain-text for IP nodes?
Does querying the DNS Seeds via TOR return .onion addresses?
Sometimes. Before the Bitcoin Core PR (#25678) you would expect to fall back to relying on the .onion addresses in the hardcoded seeds though you may get onion addresses if you are lucky to connect to a peer that happens to offer these.
As lightlike says in the comment:
For Tor Bitcoin Core currently first does an AddrFetch connection (a short-lived connection with the goal of getting addresses) via Tor exit nodes to an address each DNS seed resolves to, violating the -onlynet option. This may result in some onion addresses, but only if we are lucky to connect to a peer that happens to offer these. #25678 suggests to change that behavior to skip the DNS seed step and immediately resort to hardcoded peers
With regards to the second question:
Additionally, are the DNS queries encrypted or in plain-text for IP nodes?
Messages between nodes are currently not encrypted but there is ongoing work to change this in future.