I just have been reading this and this article.
It looks like you can inform the apple device NOT to use the private relay by creating 2 specific DNS entries for the domains
mask.icloud.com
mask-h2.icloud.com
I currently don't have a MAC available to test this, but if somebody is willing to test this...
create a file /etc/dnsmasq.d/xx-NXDOMAIN.conf, (replace xx with an unused number), content:
server=/mask.icloud.com/
server=/mask-h2.icloud.com/
and restart pihole-FTL (sudo service pihole-FTL restart)
This will ensure the reply to dig mask.icloud.com is NXDOMAIN. According to the earlier mentioned docs, this dig is used to find geografically localized relay addresses, if there are no addresses in the reply, the apple device will not use any relays (feature disabled).
Again, I haven't been able to test this, so any feedback would be usefull.