In both cases of rootless and rootful-with-non-root process your process is running as a non-root user with respect to the host.
To break out the container will require two steps. First, adguard itself must be exploited. A second exploit is then required elevate privileges from the adguard user to root.
If your attacker successfully gets that far, then having a rootless container would matter, because in a rootful container, root in the container equals root on the host. In a rootless container, "root" only gives you the abilities of the user running the rootless container.
But as you've found, rootless containers can be a pain.
Making sure your container is running as non-root user in a rootful container is better than giving up.