Re: Allow-configuration class / Correct regular expression
Not sure what version you're running, but I tested your config on 12.3R8 on an EX8200 and it mostly worked. For some reason ethernet-switching-options still showed the uac-policy option.
I tried using the allow-configuration-regexps option instead. That one worked properly, only giving access to the configuration levels specified. To restrict access to the uplink ports like you were trying to do, I listed them out.
I tried the exact same config on 12.3R7 on an EX4200 and it didn't work. All of the top level configuration items were visible to "set ?", but trying to go into any that were not allowed failed. Command completion didn't work for any of the items. Typing out the ones manually allowed did work. After upgrading the EX4200 to 12.3R8, it worked correctly. The broken behavior is probably due to PR931415 even though the PR is listed for MX and SRX only.
Note that the uplink interfaces are still visible if you do ? in eth-switching voip interface, but it won't allow them to be specified.
Caveat: When inside "ethernet-switching-options vlan voip", ? doesn't expand to a list of interfaces with this config. Instead, you have to manually type out the interface. If you want the automatic expansion, then you'd have to do a mix of the prior and this one: drop the interface from the eth-switching allow item and add back the deny eth-switching interface item.
Oh, and the allow/deny-configuration-regexps says it was added in 11.2. If you're on an older version I strongly recommend upgrading.