1. Is it the case that you never have to update the wallet.dat file if you are using it for long-term storage (other than the format changes you mentioned)? So you just create it on the offline machine and keep it offline for as long as you use it?
There could be an issue if new versions of the wallet come out that are incompatible with the older versions. This is highly unlikely, but you'll want to keep yourself aware of any future developments. If you want something a bit more reliable, you can learn how to find the private keys along with the addresses. These keys are typically importable into just about any major wallet out there. The only reason that the private keys would become unusable would be if a weakness is discovered in the ECDSA algorithm and bitcoin switches to a new digital signature algorithm.
2. Also, will I ever have to use the bitcoin-qt client again? It sounds like you simply send your bitcoins to one of the saved addresses, bypassing bitconi-qt altogether.
One you have a trusted and reliable copy of the bitcoin addresses and the private keys, there is no longer a need to use the Bitcoin-Qt client as long as you are only receiving bitcoins. There are several sources available to look up an address on the public ledger (blockchain) and see how many bitcoins are associated with it. I expect that such ledger viewers will continue to exist.
3. Is there a secure process for selling the bitcoins without exposing the wallet.dat file?
You can import the private keys into an wallet running on an online computer, but as soon as you do, you are immediately exposed to any malware that may exist on that computer. To protect yourself from such risks, you can use the Armory wallet. Depending on how long you are planning on storing the bitcoins, other options may present themselves in the future.
And one more thing: If I have understood correctly, you don’t actually ‘download’ the bitcoins onto your system, instead you are given an access key to bitcoins already on the public block chain. But you are the only one with the private key, therefore controlling how you spend the bitcoins.
Correct.
Lose the private keys associated with an address and nobody can help you access those bitcons. You can consider them permanently "lost".
Allow someone else to gain access to those private keys somehow and they can now control and spend/steal those bitcoins. There is nothing you can do to stop them except get to the coins first and transfer them to a new address that does not have a compromised key.