You will be better off to just have a single IQN for both the UCS boot config and the ESXi configuration. This is much easier to administer as well as prevent any kind of potential issue with SCSI reservations with multiple initiators. But you do bring up a valid point of restricting access to the boot volume for a given host. Instead I would suggest restricting access to the boot and data volumes using multiple initiator groups.
Let me give an example:
1) From the UCS hardware side, select a single UCS Service Profile level initiator IQN for boot connectivity.
2) On the Nimble Storage target side create an initiator group that includes only the host Service Profile level IQN created above (e.g. esx-host1).
* Note that this initiator group should NOT have the (allow multiple initiators) checkbox selected.
3) Create a boot volume and map it to the single host initiator group (esx-host1)
4) Create a second initiator group that includes all of your ESXi hosts' initiators. (e.g. ESX-Cluster)
* Note that this initiator group should have the (allow multiple initiators) checkbox selected
5) Create and map data volumes to use the ESX-Cluster initiator group.
This solution both restricts access to the boot volume to a single host and at the same time allows access to datastore volumes. For more detailed instruction see: https://infosight.nimblestorage.com/InfoSight/media/cms/active/smartstack_getting_started_guide_iscsi_connectivity.pdf
I don't know if you got an answer to one of your questions, the one about the host accessing the boot LUN. Mostly no it will not. Log files are the only thing that gets written back to the boot LUN. These can be redirected to a different location (via the host's Syslog.global.logDir Advanced setting) and is the preferred method when booting from USB or SD media. Just in case you were curious.