Eventually I found this thread: Adding (self signed) certificates

The TL;DR is:

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

Login as root, then create a directory for the cert and copy it from your local file system:

mkdir -p /etc/docker/certs.d/example.com:1234 && cp /Users/foo/YOUR_CERT.crt /etc/docker/certs.d/example.com:1234/ca.crt

But as noted you’ll need to redo this every time you restart Docker.app before you can pull from the registry.