It works, but not in the automatic way the mozilla cannary domain works.
After getting an iCloud+ subscription (which is needed to enable the private relay feature), I saw requests to mask.icloud.com when using safari. After that was sucessfully resolved, no more requests showed up in Pi-hole. (And, by using QUIC via port 443 my firewall on port 53 was also not stopping this traffic).
I set up the two domains as you proposed above as dnsmasq configs and got a warning.
(Text is in German, it basically says that my wifi is not compatible with private relay. In order to establish internet connection again, private relay must be disabled for that network. But then the network will be able to track my internet activity and my IP could be tracked by trackers and web pages)
After disabling private relay for this network the settings shows that it is disabled for that particular network only
I think it is worth discussing a by-default implementation of this @Developers