nftables "mark" would behave like pf "tag" if you can filter a packet further downstream based on the value of the mark. (It looks like the mark functionality is also present in iptables.)

If people are using marks for policy-based firewalls a la tag in pf, it doesn't look like a particularly common practice, based on a quick Google search. Anyway, it's a start. Thanks for the pointer.



There's a page somewhere on the nftables wiki that shows all the operations you can do, but you essentially can bitmask and compare, or just compare and do something based on the result of that conditional, so I guess that's exactly what you want.
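As an added illustration of the pattern the two comments describe (this is not code from either commenter): one chain sets a packet mark early, and a later chain in the same ruleset compares the mark with a bitmask to make a policy decision, which is the nftables counterpart of pf's "tag"/"tagged" pair. The interface names and the 192.0.2.0/24 network are placeholders.

```nft
# Added example, not from the thread. The low byte of the mark carries a
# "policy class"; the high bytes are left untouched so other tooling can use them.
table inet policy {
    chain classify {
        type filter hook prerouting priority mangle; policy accept;
        # tag traffic from the management network with class 0x10
        iifname "eth1" ip saddr 192.0.2.0/24 meta mark set meta mark & 0xffffff00 | 0x10
        # tag everything arriving on the guest interface with class 0x20
        iifname "eth2" meta mark set meta mark & 0xffffff00 | 0x20
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # decide based on the class set upstream: compare only the low byte
        meta mark & 0xff == 0x10 accept
        meta mark & 0xff == 0x20 oifname "eth0" tcp dport { 80, 443 } accept
        log prefix "policy-drop: " drop
    }
}
```

Load it with `nft -f` and inspect the result with `nft list ruleset`; packets that reach the forward chain with no recognised class fall through to the logged drop, which is where a misclassification shows up.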



