Does First ACL Rule Remove Implicit ‘To Less Secure’ Rule in Cisco ASA?

I would not recommend putting an ACL on a VPN interface (physical or logical source)/tunnel interface(if you are using the newer transport mode configuration) to restrict the traffic thru a VPN. You should modify your ACL for the VPN in a similar manner to what I have posted on your other question Efficient crypto ACL's?

If you wish to send the traffic from just one host thru a VPN, your ACL should have that host's IP as the source address, and whatever remote resources you would like that host to access as the destination address/network. I.e. If your host is 192.168.1.100 and he will be sending traffic to Microsoft Azure cloud network with the LAN addressing being 172.16.0.0/16, you would need the ACL to look like the following

permit IP host 192.168.1.100 172.16.0.0 0.0.255.255

Without the use of same-security, traffic will not flow between interfaces at the same security level. That's the way it's designed, and the very purpose of those commands. No amount of ACLs can override that basic function. Once inter-interface/intra-interface is enabled -- thus allowing traffic at all -- ACLs will apply.

(You could set interfaces to different levels and use NAT/ACLs to control the traffic, but your restrictions don't allow that either. And it's a mess to maintain.)