I notice now that it's not for client VPN but for regular site-to-site VPN between 5000 branches.
An MX450 can support up to 5000 tunnels. While not a hard limit I would stay under those numbers.
When you have two in warm spare, it's an active-passive setup. But nothing stops you from having multiple hubs. What you could do is divide those branches up into regions and have a tiered setup. Let's say you have a US East, US West, Europe and Asia hub. Each of those could be hub to 1250 branches. You can select which hub each branch uses as exit hub (you can even have multiple for redundancy). This lowers the number of tunnels needed per hub.
The hubs themselves can be in full mesh to provide connectivity between everything.
You can also use local breakout for regular internet and only use the tunnels for corporate applications. This will also lower the resource usage on the hubs.
Now there are multiple caveats when counting the number of tunnels needed. Like for example when you have multiple WAN connections, a tunnel is built over each WAN connection. I made a post about that earlier:
https://community.meraki.com/t5/Security-SD-WAN/Maths-number-of-tunnels-full-mesh-and-hub-and-spoke/...
That's also the reason why I recommend that you get in contact with a Cisco Meraki partner or a Meraki SE for a huge project like this. They can go into the design deeper and support you in building the right setup.