Having investigated this some more, the issue is not related to cookie policies, but Safari's Intelligent Traffic Protection. Disabling this in the safari settings resolves the issue, but that doesn't seem like an acceptable solution for end users. More details can be found here: https://video2.skills-academy.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas
The solution to keep on using EasyAuth in this manner seems to be make the static elements of the solution available from the same Azure Functions end point (or possibly to use Azure Static Websites) so that there is no third-party access involved.