As Michael noted, you could use the same IP for SNAT on both controllers. I wouldn't recommend this unless your controllers are running master/standby and only one controller can obtain the role of terminating AP's at a time.
If your using a master/local and get yourself in a situation where both controllers are terminating AP's (this could happen due to a number of reasons) then you may be finding yourself with broken traffic flows, since both controllers will SNAT the same IP. Even with IP mobility enabled you may get cases that the home agent is not on the controller with the active VRRP.
My recommendation for an L3 deployment would be to route the traffic and dont SNAT on the controller at all. This would leave the firewall to SNAT and you would have more insight to end users traffic. The other option would be to use L2 and move the default gateway to firewall.
With trying to preserve the client sessions in the firewall, I would target the design with the default gateway residing on firewall and extend the vlan to the aruba environment. The other factor that comes into play would be the preservation of clients IP. With most customers having HA firewalls, its easier to create the guest dhcp service on firewall, as this will also help preserve the IP amongst controller failures.