by importing the certificate as a physical device, will the browser let me use the certificate as I imported it?
Yes. However you may recognize a higher delay when using a hardware token compared to a software token (e.g. for a smartcard 2-3 seconds).
what happens if the certificate has a pin? Does the browser ask for the pin every time it is launched?
by default e.g. Firefox only tries to access the client certificates if you connect to a web-page that has HTTPS client auth enabled. Then the PIN will be requested. Usually the PIN is then no longer needed as long as the token is not removed but that behavior may differ depending on the used PKCS#11 module (the software that connects Firefox with the token).
can I be sure that the certificate cannot be extracted frmo the token/smart card reader? Therefore, unless the token is stolen, can I be sure that the certificate cannot be cloned?
Then depends on the token. Some may have an API for extracting the private key but usually you can only use or delete private key + certificate from the token.