Documentation clearly describes what it does:
https://wiki.mikrotik.com/wiki/Manual:I ... Properties
Matches the policy used by IpSec. Value is written in the following format: direction, policy. Direction is used to select whether to match the policy used for decapsulation or the policy that will be used for encapsulation.
in - valid in the PREROUTING, INPUT and FORWARD chains
out - valid in the POSTROUTING, OUTPUT and FORWARD chains
ipsec - matches if the packet is subject to IpSec processing;
none - matches a packet that is not subject to IpSec processing (for example, IpSec transport packet).
For example, if the router receives an IpSec-encapsulated Gre packet, then rule ipsec-policy=in,ipsec will match the Gre packet, but rule ipsec-policy=in,none will match the ESP packet.
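
The matcher described above, applied to the GRE-over-IPsec case from the documentation's example. This is an added illustration, not part of the original post or the MikroTik manual; the use of the input chain (tunnel terminates on the router itself) and the IKE/NAT-T ports are assumptions about the setup.

```routeros
/ip firewall filter
# Assumed: IKE and NAT-T must reach the router so the IPsec SAs can be negotiated
add chain=input action=accept protocol=udp dst-port=500,4500 comment="IKE / NAT-T"
# The ESP carrier packet itself has not been decapsulated yet, so it matches in,none
add chain=input action=accept protocol=ipsec-esp ipsec-policy=in,none comment="ESP carrier"
# The inner GRE packet, seen after decapsulation, matches in,ipsec
add chain=input action=accept protocol=gre ipsec-policy=in,ipsec comment="GRE protected by IPsec"
# GRE that was never inside IPsec matches in,none and is rejected
add chain=input action=drop protocol=gre ipsec-policy=in,none comment="GRE in the clear"
```

With this ordering the same GRE endpoint is reachable only through the IPsec policy, and the counters on the last rule show whether unprotected GRE is arriving.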