We have about 700 PA devices still deployed in the field (including panorama instances), I'm not exactly new to it.
Layer 7 'steering, routing' doesn't really exist, unless you mean load balancing. It doesn't exist because unless the protocol itself is routing or steering aware, those words hold no meaning, and any software package that pretends otherwise is lying. Granted, the terminology gets re-invented across vendors, but if we stick to plain technical English it at least applies to everything the same.
As for L7 policies, you pretty much do the same in OpnSense: you enable a policy engine of your choice, feed it the set of protocols you want to support and then allow ingress and egress based on those protocols. You can do that interface or zone based, but also floating with additional matchers to apply those policies on non-zonal factors. It doesn't have a concept of VRF or Vsys so you can't do those things, but since you can just add more *sense instances it doesn't exactly matter (unless you don't have automation). Even pfSense had this in 2016 (albeit a crappy experience). It's not something that is unique to PA or any other vendor. Their uniqueness as stated earlier comes from their feeds and hardware acceleration.
As for PA's app ID specifically, it's pretty unreliable and not as useful as the marketing people have been shouting all these years.