ICMP works over IP so it is not really IP vs ICMP. From my experience with various packet-mangling software, "any" matches any available protocol, including ICMP. Though I can not verify it 100%, I would surprised if it was any different in CISCO's IOS or any other
Yes- whether it be an access-list on a PIX or a router, saying 'ip any any' means ANY IP protocol number. It's not the 'ANY' that defines that part of it, by the way, its the "ip" part... (the Any's represent the source and destination IP addresses, just in case there was some confusion)
If you think of TCP/IP in layers, first you have the IP protocol layer. This can be TCP, UDP, ICMP, ESP, GRE, and the list goes on... Once you pick one, for example TCP, then you can deal with the next layer. Inside of TCP, you pick a port number for your traffic, say port 23 (which happens to be Telnet). Now toss some source and destination IP addresses in there and you've got yourself a 'socket', or an established communications session.
If you were interested in blocking ICMP for some reason, but wanted to let all other IP traffic pass, you would simply craft your access list to look like this:
access-list xyz deny icmp any any
access-list xyz permit ip any any
In access-lists, order is everything. They are read linearly - from beginning to end. Newer PIX and IOS code allows for the 'insertion' of a new ACL line in between existing ones by using sequence numbers (a very cool, and long overdue feature by the way).
Here's a good link for you if you are intersted in seeing a list of all of the IP Protocol codes and types presently defined: