Only use IPSec tunnel if main gw is down

Sorry, but I missed the part about the IPsec Policy using src-address=0.0.0.0/0, which will catch everything before routing. “Packet Flow in RouterOS - IPSec Policies”.

Unfortunately, it becomes a bit problematic, as RoS lacks modern IPsec VTI; thus you cannot work using regular interfaces, but you can, for example, trigger a script that enables the IPsec tunnel if the usual default gateway goes down, like I linked to in the previous post. There are a few other options if you google “mikrotik failover to ipsec”, like for example this. Check them out and come back if they wouldn’t work in your case. Perhaps WireGuard or ZeroTier could be an option?

You might also consider the need for some kind of automatic fallback when the main interface is back online.

Just curious, but why use IPsec only on the LTE interface?
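
Added example, not part of the original post or the scripts it links to: one way to toggle the IPsec policy from Netwatch, covering both the failover and the automatic fallback mentioned above. The comment tag `lte-backup`, the main gateway `192.0.2.1` and the probe host `198.51.100.10` are assumed placeholder values, and the catch-all policy is assumed to match all destinations.

```routeros
# Constructed example values: replace the addresses and comment tags with your own.

# Pin the probe host to the main gateway so the health check always tests
# the primary path. A higher-distance blackhole route for the same /32 keeps
# the probe from leaking out via LTE when this route goes inactive.
/ip route add dst-address=198.51.100.10/32 gateway=192.0.2.1 \
    comment="netwatch-probe"

# Exempt the probe from the catch-all policy. Without this, an enabled
# src-address=0.0.0.0/0 policy would also catch the probe packets, the probe
# could answer through the tunnel and the up/down scripts would flap.
# Policies are matched top-down: this entry must sit above the catch-all one.
/ip ipsec policy add src-address=0.0.0.0/0 dst-address=198.51.100.10/32 \
    action=none comment="netwatch-bypass"

# Start with the tunnel policy disabled while the main gateway is healthy.
/ip ipsec policy disable [find comment="lte-backup"]

# down-script: main path lost, enable the policy so traffic enters the tunnel.
# up-script: main path restored, disable the policy again (automatic fallback).
/tool netwatch add host=198.51.100.10 interval=10s timeout=2s \
    comment="main-gw-check" \
    down-script="/ip ipsec policy enable [find comment=\"lte-backup\"]" \
    up-script="/ip ipsec policy disable [find comment=\"lte-backup\"]"
```

After a test failover, `/ip ipsec policy print` and `/tool netwatch print` show whether the policy state follows the probe status.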