As I understand from your description, I think you are very worried about losing vCenter and managing capability of dvSwitches. However, as the primary point of virtual infrastructure management, you should always keep the vCenter Server in the top-level of availability by any possible solution (HA, VCHA, FT, Replication and so on). Although you should note the management plane of VDS is controlled by vCenter but data plane still remains in the ESXi host.
Execution of a safe VMKernel migration depends on many factors such as:
1. The current configuration of exist VMkernel port
2. Number of uplinks for the switch
3. VLAN configuration on the physical switch side
I believe the safest way is as you mentioned: Add another VMKernel port for the host management on the VSS or VDS based on the virtual networking structure you need, then start working on this new design network (subnet/VLAN) and connect them to the vCenter server. Whenever you are ensured about all aspects of connectivity, you can remove old VMkernel port, Anyway, you can migrate all of these phases (Uplink, VMkernel, VM Traffic) by running a single migration wizard if you have enough physical uplink to provide full physical redundancy for each dvPortGroup traffic
Please mark my comment as the Correct Answer if this solution resolved your problem
