4) is actually the one that can make or break your system as the accidental breach of your system's security to release contact information to unauthorized users could be catastrophic for your organization.
Each volunteer has to be issued some kind of key that only permits them to access their information. This could be an ID card with a bar code or magnetic strip or they could be issued and required to remember a password for logging on to your database.
Once they have logged on, record level access control can limit their access to just their contact information. See "Editing record access privileges" in FileMaker Help and check out this particular sub section: "Entering a formula for limiting access on a record-by-record basis" for a description of how to set this up.
Now for the rest of your list:
1) the act of logging in with a password--either entered manually or by swiping an ID card can also identify that user such that a script can find their record and present them with a layout for updating contact information and logging any other info such as hours volunteered.
2) You system can have a button for adding new volunteers. This can take the user to a screen where they can only access the record that they are filling out. The fields that they fill out can include fields for specifying an account name and password that a script then uses to create a new account for them.
3) If items 1, 2, and 4 are set up correctly, this should not be an issue.