IPSec VPN Access Limitations

The traffic selectors in bare IPsec work similarly to Wireguard’s allowed-address list, but as you mention various ranges, be aware that the number of policies may be overwhelmingly high, as you may need one policy for each (local subnet, remote subnet) tuple depending on how the remote peer has configured it. Using 0.0.0.0/0 ↔ 0.0.0.0/0 is rarely a solution because bare IPsec traffic selectors supersede the results of the “normal” routing, so if you use this traffic selector to choose traffic for the tunnel policy, you need other policies to exempt your local traffic from being intercepted by this one.

So depending on how much of the design will be your own decision and how much you have to accommodate to, it may be best to use a “something-over-IPsec” tunnel with “normal” routing and firewall rules, or it may be best to use bare IPsec.
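As an added illustration of the two points above (this is example code written for this page, not part of the original answer): it counts the (local subnet, remote subnet) policy tuples a pair of sites needs, and models a first-match security policy database (an assumption about ordering that matches most implementations) to show that a 0.0.0.0/0 ↔ 0.0.0.0/0 protect policy swallows LAN-to-LAN traffic unless a bypass policy for the local subnets is matched first. All subnets are constructed sample values.

```python
from ipaddress import ip_address, ip_network
from itertools import product

def policy_pairs(local_subnets, remote_subnets):
    """One (local, remote) selector pair per subnet combination: grows as m*n."""
    return [(ip_network(l), ip_network(r))
            for l, r in product(local_subnets, remote_subnets)]

def classify(spd, src, dst):
    """First-match lookup in an ordered policy list.

    Each entry is (local_selector, remote_selector, action); the action is
    'protect' (send through the tunnel) or 'bypass' (leave to normal routing).
    Returns 'none' when no selector matches the packet.
    """
    s, d = ip_address(src), ip_address(dst)
    for local_sel, remote_sel, action in spd:
        if s in ip_network(local_sel) and d in ip_network(remote_sel):
            return action
    return "none"

# Constructed sample sites: two local subnets, three remote subnets.
SITE_A = ["10.1.0.0/16", "10.2.0.0/16"]
SITE_B = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

# Naive catch-all: every packet, including local LAN traffic, is intercepted.
CATCHALL_SPD = [("0.0.0.0/0", "0.0.0.0/0", "protect")]

# Catch-all with exemptions: local-to-local traffic is bypassed first.
EXEMPTED_SPD = [(l, r, "bypass") for l, r in product(SITE_A, SITE_A)] + CATCHALL_SPD

if __name__ == "__main__":
    print(len(policy_pairs(SITE_A, SITE_B)), "explicit policies for 2 x 3 subnets")
    print("LAN packet under catch-all:", classify(CATCHALL_SPD, "10.1.0.5", "10.1.0.9"))
    print("LAN packet with exemptions:", classify(EXEMPTED_SPD, "10.1.0.5", "10.1.0.9"))
    print("Packet to remote site:", classify(EXEMPTED_SPD, "10.1.0.5", "192.168.10.4"))
```

The exempted list still sends non-local, non-tunnel traffic (for example to the Internet) into the tunnel, which is why a catch-all selector needs a bypass policy for every range you do not want intercepted.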