As long as you don't set an IP for the container, you can still reach it on unraidIP:port even when it's on another custom bridge, as you proxynet.
You are correct in that both containers have to be on the same bridge to talk to each other. That's a security feature so containers can't talk to the host.
I don't think you can set up a route in pfsense to the internal docker network.
If you need mariadb in both the default bridge and in your proxynet, I think the best option is to set up one container in each bridge.