Provided it doesn't match any of your Pi-hole's blocking criteria, a DNS query received by your Pi-hole will be forwarded to one of your Pi-hole's configured upstreams.
If Pi-hole would block a domain, you'd see 0.0.0.0 or :: for reddit.com.
Since you don't, the reply you receive is provided by
a) one of Pi-hole's upstreams
b) a DNS resolver intercepting requests on a client
(a) seems more likely, as you have run your dig from your Pi-hole host machine.
In addition, your dig returning SOA cleanbrowsing.rpz.noc.org. clearly indicates that DNS is handled by CleanBrowsing.org, at least for that specific lookup.
You can reproduce this by forcing a lookup through one of CleanBrowsing's DNS servers, e.g.
dig reddit.com @185.228.168.168
I guess either your router is configured to use the services of CleanBrowsing.org to filter DNS requests, or your ISP is doing so.
Specifically, check whether 185.228.168.168 or 185.228.169.168 would show up as DNS server in your router's configuration.
You'd have to consult your router's documentation and support for further details, or contact your ISP, respectively.