I have read through a lot of material but can't see a clear answer anywhere. I think to understand CAA fully you have to read a lot of RFC material. Question:
If I wanted to allow absolutely all certificates to be issued for example.com from both Let's Encrypt & DigiCert, do I need both 'issue' and 'issuewild' records for both Let's Encrypt & DigiCert? I.e.
I think you didn't quite say what you meant; if you want only DigiCert & Sectigo then you wouldn't be including Let's Encrypt.
If there are no issuewild entries, then wildcards follow the issue entries. That is, if you have any issuewild at all, then a wildcard has to match them, but if you only have issue entries, then they apply for both wildcard and non-wildcard certs.
Agreed, it (like many things relating to certificates) seems a lot more confusing than it has to be, with lots of cross-references to lots of documents. In this case, the paragraph I think you're looking for is in RFC 8659, section 4.3:
"If at least one issuewild Property is specified in the Relevant RRset for a Wildcard Domain Name, each issue Property MUST be ignored when processing a request for that Wildcard Domain Name."
Which is trying to say that wildcards use the issuewild instead of issue, only if there is at least one issuewild property in existence.
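The issue/issuewild selection rule from RFC 8659 section 4.3 discussed above, as an added example that is not part of the original posts or any CA's code. It assumes the Relevant RRset has already been located and is passed in as (tag, value) pairs; `caa_permits`, `issuer_domain` and the sample RRsets are hypothetical names and constructed data, and tree climbing and critical-flag handling are out of scope.

```python
# Added example: models only which CAA properties a CA consults for a
# wildcard vs. non-wildcard name (RFC 8659 section 4.3). Not a full CAA checker.

def issuer_domain(value):
    """Return the issuer-domain-name part of a CAA value ('' for ';')."""
    # Anything after the first ';' is issuer parameters, not the identifier.
    return value.split(";", 1)[0].strip().lower()


def caa_permits(rrset, name, ca_domain):
    """Decide whether `ca_domain` may issue for `name` given one Relevant RRset.

    rrset: list of (tag, value) tuples, e.g. ("issue", "letsencrypt.org").
    """
    wildcard = name.startswith("*.")
    # Tags are matched case-insensitively.
    issue = [issuer_domain(v) for t, v in rrset if t.lower() == "issue"]
    issuewild = [issuer_domain(v) for t, v in rrset if t.lower() == "issuewild"]

    if wildcard and issuewild:
        # At least one issuewild exists: every issue property is ignored.
        relevant = issuewild
    else:
        # Non-wildcard names ignore issuewild entirely; wildcard names
        # fall back to issue when no issuewild property is present.
        relevant = issue

    if not relevant:
        # No property restricts this request, so CAA does not restrict issuance.
        return True
    # A value of ";" yields '' here, which matches no CA identifier.
    return ca_domain.lower() in relevant


# Constructed sample RRsets for example.com.
ISSUE_ONLY = [("issue", "letsencrypt.org"), ("issue", "digicert.com")]
WITH_WILD = ISSUE_ONLY + [("issuewild", "digicert.com")]
NO_WILDCARDS = ISSUE_ONLY + [("issuewild", ";")]

if __name__ == "__main__":
    for label, rrset in [("issue only", ISSUE_ONLY),
                         ("plus issuewild digicert.com", WITH_WILD),
                         ("plus issuewild ';'", NO_WILDCARDS)]:
        for name in ("example.com", "*.example.com"):
            for ca in ("letsencrypt.org", "digicert.com"):
                print(f"{label:30} {name:15} {ca:16} {caa_permits(rrset, name, ca)}")
```

With only the two issue records, both CAs are permitted for wildcard and non-wildcard names; adding a single issuewild record changes the wildcard answer without affecting non-wildcard names.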