Peak Traffic Shaping on Cisco IOS

Hello Azm

First of all…

This depends on the IOS version being used, and what capabilities both it and the platform have. To verify this, you can always use Cisco’s Feature Navigator.

A policy map will employ its policies (such as marking packets) regardless of whether or not there is congestion.

Yes, you can employ that. This is for dealing with congestion on ports carrying traffic towards the Internet. The core switches can mark the traffic based on the applications being used, and the QoS mechanisms can be employed on the outgoing ports of the switches (towards the Internet).

Now if you are seeing dropped incoming packets on an interface, there is no way to employ any QoS mechanisms to alleviate such drops. As far as incoming traffic goes, you are at the mercy of the sending device. In your scenario, the interfaces of the L2 switch where the dropped packets are being seen are at the mercy of the senders, which are the firewalls. This is why any QoS mechanisms should be applied to the sending device, which in this case is the firewalls. But as you say, this is not an option based on the requirements.

The only other option is to go further upstream to the other L2 switch or the two Internet routers to employ the traffic shaping/policing you need.

There are some best practices for what kind of traffic should be marked with what kind of DSCP values. This document is a good start for deciding on how to implement DSCP.

I hope this has been helpful!

Laz