Hi @Martin Skorvald ,
as far as I know you can only associate one NSG to a single NIC. It's not possible to associate more than one NSG to the same NIC.
You can verify this in Azure Portal.
Same counts for association of a NSG to a subnet. You can only associate on NSG per subnet. If you try to associate a second NSG with a subnet the first NSG will be disassociated.
The 2. option you described in your question doesn't work.
So the option 1 (create one NSG with multiple Security Rules) works and is best practice.
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten