If I understand correctly, yes they will supercede. The firewall rules under Wireless are enforced on the AP directly, and the rules under Security are enforced on the MX. So if you block something at the AP it's blocked there, and the MX never sees that traffic.
So, if this is correct, I will then only do my L3 rules in the MX to prevent unwanted restrictions.
I know that, in the MX firewall rules, the rules are applied in the order of appearance. With that in mind, if I'd like a specific subnet to have access to specific IP adress, but nothing else, what would be the proper rule?
Can I do deny all, then allow only one IP address? Example:
Good plan. If I have an MX available my preference is to use the MX for rules and not the AP.
Your first example is correct. You have to keep in mind that Meraki has a "permit everything" rule at the end you can't change.
So your approach should be allow as specifically as you can, and then block broadly everything else.
Your second example would likely work, but from an administrative point of view it's harder to read and understand, and more prone to errors if modifications are needed. Especially if it's not you in the future making changes.