I am not super surprised that a snap does not use certs from the system out of the box. I was googling if there is an interface/portal for such. Only found that the same issue exists in chromium. It seems the snaps use the certs provided by the base snap.
The most relevant comment over there:
The chromium snap's generated apparmor profile does include <abstractions/ssl_certs>, which allows read access to /etc/ssl/certs/ and /usr/local/share/ca-certificates/, among other paths¹.
So the problem is not confinement per se, but the fact that the core snap shadows these directories.
I wonder if using the system-files interface² would be a valid use case to expose these certificates in a read-only fashion.
¹ see /etc/apparmor.d/abstractions/ssl_certs for reference
² https://snapcraft.io/docs/system-files-interface
Maybe open an bug against firefox/brave?
edit: also related using-the-system-certificate-authorities
edit2: further down the rabbit hole there is a workaround