Switch from existing firewalld configuration to nftables
Solution 1:
I'm not familiar with nftables syntax and configuration (and currently I cannot afford learning it and manual rewrite due to time restrictions).
Keep firewalld if you are not going to learn nftables. Risking a misconfigured firewall is not worth what might be merely tens of MB of RAM savings. Hopefully, your time is valuable enough where you can justify renting a VM with slightly more resources, and be done with it. (If that's even necessary, I'm not convinced you have a performance problem.)
Firewall rules are not a one time thing, eventually they will need updating. How are you going to ensure that 6 months from now, this write firewalld and convert process will be followed?
EPEL 8 fail2ban-firewalld package is naturally firewalld based. Easy enough to switch to a nftables based jail, but that is still a configuration you will want to test.