There is no "of course" here in the developer forums. There is no way to tell how much someone knows about the platforms or programming in general.
You might have some difficulty getting such an app into the App Store. I know there are apps in the store that depend on other apps, but I don't know how that works in terms of app review. I can give you technical suggestions on how to live within the sandbox, but be forewarned, you might have other problems later. I've done some really funky things in the Mac App Store and I wouldn't recommend that anyone else attempt things like this in the Mac App Store. It's good for stand-alone apps.
Whether the Docker socket is a symbolic link in /var or a link in some other app's container doesn't matter. Your sandboxed app is going to have difficulty finding and accessing such an object. I asked about the possibility of a sandboxed Docker because the source of that link looks like it is inside the container of another sandboxed app. It's just a curious path for a non-sandboxed app. But ultimately it doesn't matter, it is in a user's home directory which your sandboxed app cannot access.
I'm not sure about trying to use a symbolic link in a common area like /var to point to an otherwise inaccessible file. I don't know if that is sufficient to punch a hole in the sandbox. Apple uses links inside the sandbox itself, but this link exists outside of the sandbox. Even if it works, it is risky. It is something that could easily break with a minor update. Plus, this could cause various app review issues. I strongly suggest a more reliable method. After all, it isn't working for you in development either, is it?
A simple solution is to just ask the user to navigate to and select the unix socket. Then you have a security-scoped bookmark that you can save for later use. This is the Gold Standard solution. It will always work and is the least likely to cause app review problems.
Do you have to use a unix socket for this? Would a TCP socket work? A unix socket doesn't make much sense anyway. I can see a Docker UI app being useful to connect to remote Docker instances. A unix socket would only work on the local machine.
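The "ask the user, then keep a security-scoped bookmark" approach from the reply above, written out as an added example (this is not code from the original post or from any Docker project). It assumes a sandboxed macOS app with the `com.apple.security.files.user-selected.read-write` and `com.apple.security.files.bookmarks.app-scope` entitlements, uses a constructed UserDefaults key (`dockerSocketBookmark`), and takes the post's premise that a user-selected grant is enough for connect(2) on the socket; the NSOpenPanel setup and the unix-domain connect code are mine.

```swift
import AppKit
import Foundation

// Constructed key for persisting the bookmark between launches (assumption, not from the post).
let bookmarkKey = "dockerSocketBookmark"

/// Ask the user to pick the socket file, then persist a security-scoped bookmark to it.
func askUserForSocket() -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseFiles = true
    panel.canChooseDirectories = false
    panel.allowsMultipleSelection = false
    panel.showsHiddenFiles = true   // the socket lives in the home directory, often in a dot-folder (assumption)
    panel.message = "Select the Docker unix socket"
    guard panel.runModal() == .OK, let url = panel.url else { return nil }
    do {
        let data = try url.bookmarkData(options: .withSecurityScope,
                                        includingResourceValuesForKeys: nil,
                                        relativeTo: nil)
        UserDefaults.standard.set(data, forKey: bookmarkKey)
        return url
    } catch {
        NSLog("bookmark creation failed: \(error)")
        return nil
    }
}

/// Resolve the saved bookmark. Returns nil if nothing is saved or it no longer resolves,
/// in which case the caller should fall back to asking the user again.
func resolveSavedSocket() -> URL? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var stale = false
    do {
        let url = try URL(resolvingBookmarkData: data,
                          options: .withSecurityScope,
                          relativeTo: nil,
                          bookmarkDataIsStale: &stale)
        if stale, url.startAccessingSecurityScopedResource() {
            // The socket was recreated or moved; refresh the bookmark while access is held.
            defer { url.stopAccessingSecurityScopedResource() }
            if let fresh = try? url.bookmarkData(options: .withSecurityScope,
                                                 includingResourceValuesForKeys: nil,
                                                 relativeTo: nil) {
                UserDefaults.standard.set(fresh, forKey: bookmarkKey)
            }
        }
        return url
    } catch {
        UserDefaults.standard.removeObject(forKey: bookmarkKey)  // broken bookmark: forget it
        return nil
    }
}

/// Connect to the unix-domain socket at `url`. The caller must already hold
/// security-scoped access to `url`. Returns a connected descriptor, or -1 on failure.
func connectToSocket(at url: URL) -> Int32 {
    let fd = socket(AF_UNIX, SOCK_STREAM, 0)
    guard fd >= 0 else { return -1 }

    var addr = sockaddr_un()
    addr.sun_family = sa_family_t(AF_UNIX)
    let path = url.path
    // sun_path is a fixed-size C array (104 bytes on macOS); leave room for the NUL terminator.
    let maxLen = MemoryLayout.size(ofValue: addr.sun_path) - 1
    guard path.utf8.count <= maxLen else { close(fd); return -1 }
    withUnsafeMutablePointer(to: &addr.sun_path) { ptr in
        ptr.withMemoryRebound(to: CChar.self, capacity: maxLen + 1) { dst in
            _ = path.withCString { strcpy(dst, $0) }
        }
    }
    let len = socklen_t(MemoryLayout<sockaddr_un>.size)
    let rc = withUnsafePointer(to: &addr) {
        $0.withMemoryRebound(to: sockaddr.self, capacity: 1) { connect(fd, $0, len) }
    }
    if rc != 0 { close(fd); return -1 }
    return fd
}

// Usage: reuse the saved bookmark if there is one, otherwise ask the user once.
if let url = resolveSavedSocket() ?? askUserForSocket(),
   url.startAccessingSecurityScopedResource() {
    let fd = connectToSocket(at: url)
    if fd >= 0 {
        // ... speak the Docker API over fd for the duration of the session ...
        close(fd)
    }
    url.stopAccessingSecurityScopedResource()   // release the grant only after the session ends
}
```

Two points worth keeping in mind: hold the security-scoped access for the whole session rather than just around connect(2), and treat a stale or unresolvable bookmark as "ask again", since the socket path can change whenever the Docker installation is updated.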