I spent a long time trying to find an answer to this question and figured I would share the answer along with my question in case anyone else has the same issue.
As of today (December 1 2021) you cannot do this. See Server role accounts using ACL tags · Tailscale Docs for this line:
We currently only support tagging devices via CLI, including Linux, macOS, and Windows devices.
However there is an open GitHub issue to allow administrators to tag devices directly using the console, and it looks like that feature is nearing release: Allow admin to override any ACL tags from the admin panel · Issue #2085 · tailscale/tailscale · GitHub
Once administrators can tag devices from the console it should be possible to tag iOS and Android devices. (but I can’t say for sure, or if their behavior would be the same as the behavior of desktop clients)