As explained, leaking MAC addresses is not required at all, and if you want to use ECS, installing a DoT proxy in front of Pi-hole would allow you to do so, without being prone to DNS amplification attacks, while offering the additional benefit of allowing smartphones to enable their Private DNS feature to use your cloud-based Pi-hole (and it is not public DNS servers like Google or OpenDNS picking topologically closer IPs for replies, but authoritative DNS servers).
Some cloud providers may offer the necessary software and instructions how to do set up a DoT server, and we also received reports from users successfully adding Pi-hole to such a solution, e.g. Specifying UDP Bind Address - #22 by matan129.