ik3umt
Member Candidate
Topic Author
Posts: 295
Joined: Tue Jul 08, 2014 3:58 pm

L2TP "road warriors" and security issue

Mon Aug 06, 2018 9:31 am

Would a set of rules allowing L2TP from any public IP address represent a security issue?

i.e.
/ip firewall filter
# IKE and NAT-T (UDP/500, UDP/4500) open to every source on the WAN side
add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=500
add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=4500
# L2TP (UDP/1701) open to every source on the WAN side as well
add comment="L2TP input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=1701
Anyone is allowed to reach those ports (as road warriors use a lot of continuously different IP addresses).

Any thoughts?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: L2TP "road warriors" and security issue

Mon Aug 06, 2018 3:22 pm

One clear point is that the rule permitting access to UDP port 1701 should contain an additional condition, ipsec-policy=in,ipsec, otherwise the port is open also for plain L2TP access not tunnelled via IPsec (I'm not sure how exactly use-ipsec=required modifies the behaviour of the l2tp server itself).

Other than that, the security of the L2TP/IPsec mainly depends on the IPsec part, so it depends on the strength of permitted authentication and encryption algorithms; the strongest algorithms supported by the built-in clients of Windows and Android are weaker than the strongest ones supported by Mikrotik.

You may want to implement some "ban on failed login attempt" logic into the firewall, consisting of banning access for some time for source addresses which do not send a packet to UDP/1701 within a few seconds after sending a packet to UDP/500 and/or UDP/4500, which indicates that they failed to authenticate at IPsec level.
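The two measures in this reply, written out as an added example in RouterOS firewall syntax (this is not configuration from the original post nor from MikroTik's documentation): the UDP/1701 accept gains the ipsec-policy=in,ipsec condition, and a staged address-list scheme approximates the "ban on failed attempt" idea. The filter language has no timer that can express "no UDP/1701 within a few seconds of UDP/500", so this version instead counts fresh IKE exchanges (conntrack state new on UDP/500) from a source that has not yet delivered L2TP inside IPsec; a third such start within the stage window bans the source for a day. The list names (ipsec-ok, ipsec-ban, ipsec-stage1, ipsec-stage2), the timeouts, and the WANs interface list from the question are assumptions to adjust.

```routeros
/ip firewall filter
# Assumed list names and timeouts; tune to your environment.
# Rules are evaluated top to bottom. In the filter table add-src-to-address-list
# does not terminate processing, so a counted packet still reaches the accept rules below.

# 1. A source that has already delivered L2TP inside IPsec is trusted for an hour.
add chain=input in-interface-list=WANs protocol=udp dst-port=500,4500,1701 src-address-list=ipsec-ok action=accept comment="IPsec/L2TP: authenticated peer"

# 2. Sources that kept starting IKE without ever authenticating are dropped outright.
add chain=input in-interface-list=WANs src-address-list=ipsec-ban action=drop comment="IPsec: banned source"

# 3. Staged counting of new IKE exchanges, highest stage first.
#    Third new UDP/500 flow while still in stage2 -> ban for a day.
add chain=input in-interface-list=WANs protocol=udp dst-port=500 connection-state=new src-address-list=ipsec-stage2 action=add-src-to-address-list address-list=ipsec-ban address-list-timeout=1d comment="IPsec: 3rd unauthenticated IKE start -> ban"
#    Second new UDP/500 flow while in stage1 -> stage2 (2 minute window).
add chain=input in-interface-list=WANs protocol=udp dst-port=500 connection-state=new src-address-list=ipsec-stage1 action=add-src-to-address-list address-list=ipsec-stage2 address-list-timeout=2m comment="IPsec: 2nd IKE start"
#    Any new UDP/500 flow -> stage1 (2 minute window). IKE retransmits inside the
#    same conntrack entry are not 'new', so they are not counted again.
add chain=input in-interface-list=WANs protocol=udp dst-port=500 connection-state=new action=add-src-to-address-list address-list=ipsec-stage1 address-list-timeout=2m comment="IPsec: 1st IKE start"

# 4. The original IKE/NAT-T accepts, unchanged.
add chain=input in-interface-list=WANs protocol=udp dst-port=500 action=accept comment="IPSEC input"
add chain=input in-interface-list=WANs protocol=udp dst-port=4500 action=accept comment="IPSEC input"

# 5. L2TP only when the packet arrived through an inbound IPsec SA (ipsec-policy=in,ipsec).
#    Seeing it proves the peer passed IKE authentication, so mark the peer as good, then accept.
add chain=input in-interface-list=WANs protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=add-src-to-address-list address-list=ipsec-ok address-list-timeout=1h comment="L2TP inside IPsec: mark peer authenticated"
add chain=input in-interface-list=WANs protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP input (inside IPsec only)"
# Plain UDP/1701 from the WAN side no longer matches any accept and falls to your default drop.
```

Only IPsec-level failures (for example a wrong pre-shared key) are counted: a user whose PPP password is wrong has already sent L2TP inside IPsec and is therefore in ipsec-ok. A legitimate user who mistypes the PSK three times inside the window is banned for a day; clearing it is `/ip firewall address-list remove [find list=ipsec-ban]`. Peers that open IKE directly on UDP/4500 are not counted by this version; adding 4500 to the stage rules is possible but costs NAT-T clients an extra stage per connection, since the switch from 500 to 4500 is a second new flow.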
 
pe1chl
Forum Guru
Posts: 10221
Joined: Mon Jun 08, 2015 12:09 pm

Re: L2TP "road warriors" and security issue

Mon Aug 06, 2018 3:33 pm

The issue with the security of IPsec and allowing access like this is not in the strength of the ciphers, but in any security issues in the implementation. By allowing UDP port 500/4500 access you provide access to the IPsec engine on the router, which could turn out to have security issues similar to the webserver and winbox issues that have occurred. This will always be a risk unless you implement difficult-to-use port knocking sequences etc.
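A minimal knock sequence in front of the IKE ports, added here as an example (not configuration from the post or from MikroTik): a source must send a TCP SYN to two closed ports in a fixed order within a short window before it may reach UDP/500 and UDP/4500 at all, so the IPsec engine is never exposed to unsolicited scanners. The knock ports 7302 and 7101, the list names knock1 and knocked, the timeouts, and the WANs interface list are assumptions; the sequence is deliberately descending so that a plain ascending port scan does not satisfy it by accident.

```routeros
/ip firewall filter
# Assumed knock ports, list names and timeouts; adjust to taste.

# Existing sessions (IKE retransmits and rekeys, NAT-T keepalives, ESP-in-UDP) keep flowing
# on their conntrack entry and never need to re-knock.
add chain=input connection-state=established,related action=accept comment="keep existing sessions"

# Knock 1: a SYN to 7302 marks the source for 10 seconds. add-src-to-address-list does not
# terminate processing, so the SYN itself continues to the final drop and the port stays silent.
add chain=input in-interface-list=WANs protocol=tcp dst-port=7302 action=add-src-to-address-list address-list=knock1 address-list-timeout=10s comment="knock 1"

# Knock 2: only a source that completed knock 1 within 10 seconds advances; it then has
# one minute to start IKE. A SYN to 7101 without a prior 7302 does nothing.
add chain=input in-interface-list=WANs protocol=tcp dst-port=7101 src-address-list=knock1 action=add-src-to-address-list address-list=knocked address-list-timeout=1m comment="knock 2"

# IKE and NAT-T are reachable only from sources that finished the sequence.
add chain=input in-interface-list=WANs protocol=udp dst-port=500,4500 src-address-list=knocked action=accept comment="IPSEC input (knocked sources only)"
# L2TP still only inside IPsec.
add chain=input in-interface-list=WANs protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP input"

# Everything else from the WAN side is dropped, including the knock SYNs themselves.
add chain=input in-interface-list=WANs action=drop comment="default drop from WAN"
```

This is where the "difficult-to-use" part comes from: the built-in Windows and Android VPN clients cannot send the knocks, so the user needs a separate step (for example `nc -z -w1 <router> 7302; nc -z -w1 <router> 7101` or a wrapper script) before dialling, and must repeat it whenever their public address or NAT mapping changes, because the accept is tied to the source address and to the conntrack entry that the first IKE packet creates.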
