The purpose of using GRE encapsiulation over IPSec is to allow multicast routing updates to flow between the hub and spoke routers.
Is there another purpose for running GRE with IPSec?
If only static routing is used, is there a need for GRE?
In a second set of questions...
If GRE is used, one can leverage DMVPN to facilitate configuration and adding spokes.
If GRE is not used, is there a mechanism native to IPSec to make the adding of spokes streamlined in the same way GRE streamlines the process?