Another comment mentioned [0]. Enterprise and people running a private CA can set "security.pki.certificate_transparency.disable_for_hosts" to disable CT for certain domains (plus all their subdomains).

I just hope they automatically disable it for non-public tlds, both from IANA and RFC 6762.

[0] https://wiki.mozilla.org/SecurityEngineering/Certificate_Tra...