From a DNS (leak) perspective, you need to contain the DNS requests within the 192.168.178.1/24 range.
So basically, your devices need to ask a DNS server located in the 192.168.178.1/24 range (192.168.178.48).
This is at IPV4 level. If you have IPV6 enabled, the queries might go (will) though the IPV6 DNS server which (I bet) is different form the Pi-hole IPV6 IP.
This applies to the VPN side of things too, as IPV6 DNS ip (on the client) might override the VPN DNS IP.
Those will most likely not work as the request needs to be authorized by the DNS as in belonging to a NordVPN IP.
You really have everything tangled here.
A clean way of having this working would be like this:
Pi-hole DNS - anything public for upstream (recommending unbound?) or if you know NordVPN allows public requests to them, you can keep those but i doubt they allow anyone to use DNS servers (unless you are on their subnet).
Synolgy at LAN settings use the Pi-hole IP (192.168.178.48 as the DNS).
This is where it gets tricky.
For the VPN server, you need to specify the same Pi-hole IP 192.168.178.48 as the dns so dhcp-option DNS 192.168.178.48
is the approach you need to take.
While I own a Synology, I never used the VPN part of it, so I really don't know the implementation and the IPTABLES rules within.
I use separate dedicated OpenVPN servers, most on raspberry Pi devices, the very same ones that host Pi-hole.
If everything is correct, your client should get an OpenVPN server provided IP when connected, and use the Pi-hole IP.
Now, since you are bypassing the OpenVPN and hence NordVPN DNS, while your connection goes through your NordVPN and hence the NordVPN IP, your DNS query will go through your home IP.
If you want to pas everything though NordVPN, you will most likely lose the ability to use Pi-hole when connected to VPN.
When you say a client, you mean local network right? Not VPN-ed in.
If that's the case, Your DHCP server needs to push the DNS with the IP of the Docker Pihole and Pi-hole's upstream need to be set as the VPN server's IP from the VPN server (not the NordVPN upstream).