I’m not sure that we have such a capability right now other than to have an agent with
snapd-control connected do a POST to /v2/interfaces to disconnect the interface.
The only other way today would be to issue a new snap declaration for the docker snap which does not auto-connect the privileged interface, such that new installs would not have it auto-connected, but existing installs which have it connected would not be disconnected.
Eventually we will have snap declarations that are able to be scoped to specific stores/models, so in this world you could have a snap declaration for the docker snap which for your specific brand store / model does not have the auto-connection in the snap declaration and when installing on your devices the docker snap would not have that auto-connected. I’m not sure we have a bug for that but it is on our generic roadmap of things to do “sometime”, so if you want to file a bug we will keep that updated with our progress on implementing that feature.