If I add a certificate on Android (for example for WPA2-Enterprise), do I need to disable security.certerrors.mitm.auto_enable_enterprise_roots if I don't want those with access to the private key to be able to MITM me?
You don't need to, actually. It's one of the few unwalled gardens left on the Internet :). You can ask questions, post answers, and even propose edits to other people's posts without having an account.
Edit: to clarify, I would have answered your question if I knew. I don't, but I think those sites give good answers.