You’d need a wildcard subdomain ssl which can be added by Netlify staff if you are a pro* member (Might require business?).
I believe for your sub-domains they would be different branches, and for the redirects, maybe you’d setup a URL rewrite so that your subdomain rewrites to their domain? They’d probably need to do some manual changes on their own domain though. To add redirects etc I think you’d need to trigger a Netlify build but that shouldn’t be too hard to get going. 
I’ll tag @jen for more information / clarification, who may also be able to help you with wildcard subdomains if you’re on the correct tier as a customer.