Hello,
I think this can be done:
"Create a User-Defined Tunnel-Group
This method requires slighly more configuration, but it allows for more granularity. Each peer can have its own separate policy and pre-shared key. However here it is important to change the ISAKMP ID on the dynamic peer so that it uses a name instead of an IP address. This allows the static ASA to match the incoming ISAKMP initialisation request to the right tunnel group and to use the right policies."
Take a look on this link for configuration example:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118652-configure-asa-00.html
I didn´t try this yet but this is an interesting stuff. Please, share your progress.
You force ASA match ISAKMP IDs, that way, you can create an 'list of allowed peer' by IDs.