Hi,
I have the same problem here with both WebApp and Container Registry having private endpoint.
I found 2 solutions
First One : Enable the WebApp Network Integration on a dedicated subnet and set a configuration value in Webapp
Webapp configuration Name : WEBSITE_PULL_IMAGE_OVER_VNET
Webapp configuration value : true
Second One : i considered this is a bug => so temporarly added the public IPs of the webapp to the ACR Enable Public access from selected networks
Waiting for MS to resolve without the need to create a subnet delegated zone for webapps.
Maybe there will be a conf variable like WEBSITE_PULL_IMAGE_OVER_PRIVATE_ENDPOINT :D