Yes, yes and yes. In theory, all he needs is all the dumps with encryption keys of each of connections.
In practice it gets a bit tricky. First, we are dispersing according to layer2 hashing policy, encrypted traffic via various ports of the bonding without any rule (pseudo round-robin). If TCP retransmission occurs, the ACK is not getting back, and the same packet is being transmitted on another port member. That will make same packet encrypted with another key, making it impossible for statistical analysis in order to derive key. Setting different MTU on each port will make this a nightmare as retransmission of same packet of different size will take place, while the aggregation of bandwidth will take care there's no strong impact over the huge retransmission.

With site-to-site GRE setup such as this one, IKE initiation is crucial if one want's to eventually reconstruct who is communicating with who within the encrypted domain, making it close to impossible without having raw dumps since the beginning of communication of each bonding member port. And if connection drops, which is expected to happen more frequently due to retransmission, remaining ports will take over - while the dropped one get's established again. (New IKE, news Timestamps, both phase 1 and phase 2).

As a result, not only keys are needed, but keys generated every-time the member port get's dropped, which is going to be unique. The connection will be persistent without any service degradation since aggregation compensate dropped member, and we can expect all 4 to get dropped constantly but hardly at the same time.

With the statistical analysis (Frequency Analysis, the scientific term) is impossible as a method to derive keys, even if someone does that somehow, it would take him the hell of the headache to reconstruct the communication. In practice, the chances to succeed are close to impossible. Take into account the example uses 4 Wans. Each additional port member will make it exponentially harder, and not only you can put more wans in real time, you can do multiple port members on single GRE to make it even worst.

You are theoretically right, but in practice, even if attacker manage to get the dumps of all eight ISP's in two different countries (very unlikely that all of them keep the whole dumps, as it's nowadays cheaper for small ISP's to pay the fines then store that much data), the real problem begins once he has it all.

But, In order to know if it has it all, he needs to decrypt whole communication, which is impossible without having it all. Or, If you like, "where's the can opener - inside the can" :)

Chances of reconstruction are so small that we can safely assume they are zero.