If you want to track and allow wificalling traffic, it would be best to limit it by the FQDN of the carriers ePDG (their end of the wifi calling session). On the controller this means using the "name" abilities of netdestionations to write ACLs based on DNS snooped names. Then you would put an ACL into the user role along the lines of
user alias wificalling_list udp 4500 permit
Some of ePDG FQDNs for US carriers are listed in the CLI guide, see "voice wificalling (6.5.x) or ucc wificalling (8.x). Generally most carriers follow some sort of naming convention like
epdg.epc.mnc001.mcc123.pub.3gppnetwork.org
where mnc### and mcc### are carrier specific. But, the USA carriers seem to mix it up a bit (you will see in the config guide), so that's not a golden rule. You can also try some broad capturing rules like "*.pub.3gppnetwork.org".
How to find out for your use case ? You can try to ask the carriers, check online forums or capture the packets sent by the device when it's trying to connect to wificalling, the DNS requests sent by the phone will tell you what you need to know.
To capture the phone packets, use a tunnel mode VAP and the 'packet-catpure datapath mac <mac> decrypted' command and either send to a host using packet-capure destination ip-address <ip> (wireshark can decode) or capture to the filesystem (destination filesystem) and extract (packet-capture copy-to-flash datapath-pcap)