Only way to add this account with that passphrase is by importing it on new device or if you do reset of your old device.
That's not accurate. You can simply temporarily attach the passphrase any time you want to use it to the same device without resetting anything.
In terms of OP's question, the only difference between the two options is how you access the passphrased account. The passphrase itself behaves in exactly the same way regardless of which option you choose. There are pros and cons to each.
If you attach a passphrase to a secondary PIN, then you can enter that passphrased account simply by entering the secondary PIN when you first connect your Ledger device. It is quick and easy to get in to that passphrased account, regardless of how long or complex the passphrase is. The downside to this is that since you are never prompted to enter your passphrase, then you are at a much higher risk of forgetting it and so you
must have it backed up on paper separate to your seed. You can also only have one secondary PIN and can therefore only use one passphrase using this method.
If you attach a temporary passphrase, then you must enter the passphrase every time you want to use the passphrased accounts. This is slower than simply entering a secondary PIN, but it acts as a memory aide to help you remember your passphrase. Additionally, you can use as many different passphrases as you want using this option, which helps with keeping accounts separate, aids privacy, and provides plausible deniability. This is also potentially safer since the passphrase is not saved anywhere on the device once the power is disconnected.
You can hold coins long term in either account. If you attach the passphrase temporarily, then the same coins will be present in the same addresses every time you attach the same passphrase. Note, however, that there are no "right" or "wrong" passphrases. If you enter a different passphrase, even different by a single character (or even a single character being uppercase instead of lowercase of vice versa), you will generate an entirely different account with an entirely different set of addresses.