
Encrypt EBS volume with PVC without data loss inside Kubernetes

Published on 2020-12-08 11:52:31

I have a Prometheus server deployment running inside an EKS cluster. The EBS volume attached to the Prometheus deployment is unencrypted. I want to encrypt the volume attached to the Prometheus server deployment. I don't want to suffer data loss, or maybe only minimum data loss. The challenges I foresee are with the process of creating an encrypted volume and attaching it to the Prometheus deployment, since the time taken for that process would maybe be too long for 600GB of data. Can anyone provide any suggestions? It would be great if someone could provide some sort of help.

Questioner: Hemant Kumar
mcfinnigan 2020-12-08 20:22:09

I think doing this in place is going to be extremely challenging.

What you could do is boot a second Prometheus pod, backed by an encrypted PVC, and configure the first Prometheus to remote-write to the second instance.

If you set up the constraints on your cluster nodes correctly via taints and tolerations, you can ensure both Prometheus pods run on the same node. You will then be able to SSH into the EKS node, find the two PVC volumes as local filesystem mounts, and cp -R from the source unencrypted volume to the target encrypted volume.

This should allow you to shift the data with no loss.

While on the subject of Prometheus - take a look at VictoriaMetrics - it is a near-100% compatible drop-in for Prometheus which uses less memory and is much more I/O and CPU efficient. These are major wins if you need Prometheus in an EKS environment.
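
An added example, not part of the original answer: a StorageClass and PVC that would give the second Prometheus pod an encrypted EBS volume. It assumes the AWS EBS CSI driver is installed in the cluster; the names `ebs-encrypted` and `prometheus-encrypted`, the `monitoring` namespace, the `gp3` volume type and the 600Gi size (matched to the data volume in the question) are illustrative.

```yaml
# Constructed example; names, namespace, volume type and size are assumptions.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-encrypted
provisioner: ebs.csi.aws.com          # AWS EBS CSI driver
parameters:
  type: gp3
  encrypted: "true"                   # StorageClass parameters must be strings
  # Optional: pin a customer-managed key. Without it, the account's
  # default EBS encryption key is used.
  # kmsKeyId: <KMS_KEY_ARN>
# Delay volume creation until the pod is scheduled, so the volume is
# created in the same availability zone as the node that runs the pod.
volumeBindingMode: WaitForFirstConsumer
# Keep the EBS volume if the PVC is deleted during the migration.
reclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus-encrypted
  namespace: monitoring
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: ebs-encrypted
  resources:
    requests:
      storage: 600Gi
```

Once the claim is bound, the `Encrypted` field of the resulting EBS volume can be checked in the EC2 console or API before any data is copied onto it.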