I’d recommend to simply not doing it. The only thing traefik can get from the docker socket is configuration - but you can also just write that configuration in a text file and give it to traefik directly (or use any of the other configuration method that traefik supports).
If you really want to expose the docker socket in a somewhat secure way that is likely to survive a truenas upgrade:
Run a proxy server in a docker container. There are ready made proxy servers for docker which can add authentication and authorization. The one I have used in the past is from tecnativa (GitHub - Tecnativa/docker-socket-proxy: Proxy over your Docker socket to restrict which requests it accepts).