You budget seems realistic for "gigabit speeds" with more than just NAT in play.
My recent testing indicates that even a desktop-class x86_64 with AES-NI can't handle more than ~500 Mbps for OpenVPN. It will, however handle the ~900 Mbps throughput limit of WireGuard over GigE. This is without SQM. I have not yet examined SQM performance alone, or in conjunction with a VPN.
I don't have any mvebu-based units that I can similarly test. It doesn't look like the Edgerouter 12 is supported by OpenWrt at this time.
I don't know about the CPU performance of the IPQ806x as I don't own one of those either. My gut feeling is that it isn't up to passing a gigabit (or two, if symmetric) through the main CPU. While I have read that it has network-acceleration cores, I don't know the status of their drivers. See further IPQ806x NSS Drivers
For recent discussion of gigabit-speed processing, see the linked post and following