wireguard 'road warrior' cannot use my dns

Hi anav,

Thanks again for your reply. To confirm… Adding more FW filter rules for the specific ssh and winbox ports does allow me to connect to the router without the wireguard interface in the LAN list. So this portion appears to be working as expected.

The only thing I’m a bit confused about now is the general input chain rules without an interface and / or without a destination port specified. This is my first go with MikroTik (so far I’m loving the gear), so I’m not sure if it’s something where general rules are not processed or can be overridden by blocks, or if it’s just operator error (me).

For example, this rule:

/ip firewall filter add action=accept chain=input comment="vpn server" in-interface=wgsrv src-address-list=192.168.222.0/24

Doesn’t allow blanket access across the tunnel for WireGuard traffic the same way adding the interface to the LAN list does. Its counters don’t increase, while the counters do increase on the rule below that drops all traffic not from LAN (3rd rule from the bottom).

/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

But… the following rules do allow access to the specific ports in question (even without the general rule in place):

/ip firewall filter add action=accept chain=input comment="vpn server - dns tcp" dst-port=53 in-interface=wgsrv protocol=tcp
/ip firewall filter add action=accept chain=input comment="vpn server - dns udp" dst-port=53 in-interface=wgsrv protocol=udp
/ip firewall filter add action=accept chain=input comment="wgsrv winbox access" dst-port=8291 in-interface=wgsrv protocol=tcp src-address=192.168.222.0/24
/ip firewall filter add action=accept chain=input comment="wgsrv ssh access" dst-port=22 in-interface=wgsrv protocol=tcp src-address=192.168.222.0/24

And the "drop all not coming from LAN" rule is not incremented.

My guess is that I either have a lack of understanding or the rules need to have a certain degree of precision to be accepted over the drop-all rule.
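As an added example (not part of the original post, and not MikroTik's own documentation), here is the most likely explanation for the behaviour described above, followed by commands that fix it. In RouterOS, src-address-list takes the name of an address list, not a subnet; src-address-list=192.168.222.0/24 therefore refers to an address list literally named "192.168.222.0/24", which has no entries, so the rule matches nothing and every packet falls through to the "drop all not coming from LAN" rule. The per-port rules work because they use src-address=, which does take a CIDR. The commands below assume the interface name wgsrv and the tunnel subnet 192.168.222.0/24 from the post; the list name wg-clients, the comments, and the use of place-before are this example's own choices.

```routeros
# Added example, not from the original post. Assumes: WireGuard interface
# "wgsrv" and tunnel subnet 192.168.222.0/24 (both from the post);
# the address-list name "wg-clients" is a hypothetical name chosen here.

# 1. src-address-list must name an address list. Create the list first so the
#    rule has something to match against.
/ip firewall address-list add list=wg-clients address=192.168.222.0/24 comment="wireguard clients"

# 2. Blanket accept for traffic from the tunnel to the router itself, keyed on
#    both the ingress interface and the named list (source address alone can
#    be spoofed from other interfaces). place-before puts it ahead of the
#    default drop rule; a rule after the drop is never evaluated.
/ip firewall filter add chain=input action=accept in-interface=wgsrv src-address-list=wg-clients comment="vpn server" place-before=[find where comment="defconf: drop all not coming from LAN"]

# 3. Verify: generate traffic from a connected peer (a DNS query, ssh), then
#    confirm the accept rule's packet counter rises and the drop rule's does not.
/ip firewall filter print stats where chain=input

# 4. If a blanket accept is more than you want, keep only the per-port rules
#    but constrain them to the tunnel subnet too, so the DNS ports are not
#    reachable from any source that happens to arrive on wgsrv.
/ip firewall filter set [find where comment="vpn server - dns tcp"] src-address-list=wg-clients
/ip firewall filter set [find where comment="vpn server - dns udp"] src-address-list=wg-clients
```

The one-line alternative is to leave the existing rule in place and change src-address-list=192.168.222.0/24 to src-address=192.168.222.0/24; the address-list form is shown because it scales to several peer subnets without duplicating rules. In either case check the rule's position with /ip firewall filter print, since an accept rule that sits below the drop rule will also show a zero counter.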