Is it possible to transfer a domain without a "gap" in Whois privacy protection?

The new registrar will send an "approval request" (that is what GoDaddy calls it) to your previous (current at the time) registrar.

Here is the important part. If the privacy service of the previous (current at the time) registrar forwards the "approval request" then you will probably be able to do the transfer without disabling privacy. Many privacy services do not forward messages so that is why privacy must be disabled for them.

So now I know that prior to selecting a registrar, I must determine if the registrar's privacy service forwards email sent to the account in the domain registration.

It depends on the new maintainer. When you authorize the transfer to the new maintainer and the maintainer keeps in charge the domain, it has to provide contact details for the domain.

You just need to make sure you purchased the Privacy option and make sure the new maintainer will send the protected contact details.

You might want to contact the new maintainer before performing the transfer to make sure privacy protection is enabled during the migration.

It's not always possible, for example GoDaddy prevents transfers away from them without disabling the privacy protection first (docs):

You can't transfer your domain [...] if your domain has Ownership Protection.

There's also a "helpful" message about this when you turn it off:

Turning off privacy exposes your contact info to the public. Once it's out there, it can be misused for spam email, robocalls and phishing attacks, even if you turn it back on later.

Almost seems like they want to discourage you from moving away by scaring you with phishing attacks. On the other hand, it seems to be possible with good registrars.