I disagree. If both the ingress and egress port of a given frame are "hardware offloaded", what you write is true, but the OP speaks specifically about frames forwarded from an EoIP ingress port (which is not a hardware port so it cannot be hardware-offloaded) to hardware-offloaded ether1 as egress port, and such frames do pass over the CPU port to which the switch chip is connected so they should be seen in the capture.
I've made a similar experience yesterday with locally originated frames (from /IP dhcp-client) and frames forwarded from a wireless interface (so also passing through the CPU port) via the only ether interface to be connected. The inress frames via that only ether are sniffed, the egress ones are not, much like the OP suggests.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.