If the goal of the vlan is to keep the device (which might be compromised) from connecting to other vlans for security reasons there's little point in letting the cam do it itself. That would be the equivalent of giving a thief 16 different keys with one fitting your house and asking him politely to only use key nr 12 which doesn't fit and not try the others.
Indeed, the analogy with the keys is an often used one, another exists with languages: if you travel to France but you "hide" that you can understand the french language, you could get offended because you can "evesdrop" on what the peasants are gossiping about these damn tourists
If you want your camera to be in vlan X, you want it to stick its nose in vlan X and not in vlan Y. Vlan tagging is of importance for "multiplexing" devices, eg VMware ESX/containerized environment in which sysops want to "extend" the vlans onto the network adapter and pass them through to the underlying (virtual) infrastructure. But then again, you must be wary about tagging which vlans, you (for example), should never ever extend your "network administration vlan" (vlan1) to any untrustworthy device.
If your core devices (edge router, core switches) already cover vlans and vlan tagging, you are already in a high-mature environment. Dragging vlans into the endpoints is nice, but only if absolutely required/mandatory. A cam should not be considered as being "vlan tagging required".
Hope this helps,
CC