It’s entirely up to you. It’s not “double proxy”. Cloudflare’s systems are smarter than that.
Do you want/need to use any Cloudflare features on that subdomain? It’s for you to decide. For example, if you wanted to use Page Rules for forwarding, it would need to be proxied. If you want Cloudflare’s caching and DDoS protection on the subdomain, it has to be proxied.
Keep in mind that if you’re trying to keep your origin IP completely secret, an unproxied CNAME pointing to it will reveal the IP, even if the CNAME target is proxied. But for most people that doesn’t really matter.