(I don't get the significance of that statement, but maybe that's not important.
The linked draft did expire on July 6, 2018.)
You certainly could configure unbound to forward DNS to an upstream DoT server, but that would be an unbound configuration issue - Pi-hole wouldn't be involved at all.
In addition, you should note that doing so would defeat the benefits of running unbound as recursive resolver.
You can either have
client ⇄ Pi-hole ⇄ unbound ⇄ (recurse authoritative name servers)
or
client ⇄ Pi-hole ⇄ unbound ⇄ dedicated DoT server.
If you want something like the latter, you could also substitute unbound and have Pi-hole talk to an encrypting DNS proxy of your choice:
client ⇄ Pi-hole ⇄ encrypting proxy ⇄ encrypting DNS server
Pi-hole just needs to be configured to use that encrypting DNS proxy of your choice as its only upstream DNS server.
so it would be more an unbound question to encrypt the request to one of the 13 root servers (found in root.hints)?
I thought it could maybe handled via an dns-crypt proxy or via unbound itself?
Found nothing so far and pihole explains in the docs howto use unbound - so I thought someone could have an advice if/how encryption TO the rootserver could be managed ..... (pihole -> unbound -> root -> unbound -> pihole)