It would have to be at least four independent IPsec SA pairs, each carrying one EoIP, and the EoIP would have to be bonded together - clearly a voucher for a headache. Even worse, if independence of the SA pairs is not enough and you need 4 independent IPsec "sessions", building them between just two public IP addresses is almost mission impossible.
If you want to give it a try, create two private local addresses at one of the devices, and use one tunnel policy with level=unique for each of these addresses at each end, using a common IPsec "session". Then each EoIP tunnel would use another one of these two addresses at that end. This should make it possible for the CCR to handle the cryptography for each pair of SAs by another core, and if it works, you can scale the solution to four tunnels.
However, I'm afraid the overhead of IPsec and of EoIP will eat so much of the throughput that even if you identify and eliminate all sources of fragmentation, you'll end up with 3.5 Gbit/s or even less.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.