Privacy laws, such as GDPR, which is what Ezoic Consent Management is meant for, are focused on personally identifying information. Google Analytics being able to count visits to your site is not personally identifying information, so it is able to track that before a visitor has given consent.
If you would like to eliminate all cookies set via HTTP prior to consent, you can enable "Super Compliance Mode" in the privacy settings. Super Compliance Mode will not eliminate cookies set by javascript, however it will reduce a lot of the cookies being set.