How to install a custom CA as a system certificate (not user CA) on fully managed Android device with Android Management API?

I am developing an Android Enterprise solution where I provision devices as fully managed (Device Owner) using the Android Management API. My requirement is to install my own custom CA certificate into the system trust store so that all apps on the device will trust it automatically — not just apps that trust user-installed CAs. So the problem is that even on a fully managed (Device Owner) device DevicePolicyManager.installCaCert() only installs into the user CA store. Many apps using network security config with trust-anchors restricted to system do not trust user-installed CAs. In the Android Management API policies docs I haven't found any options that will allow me to do that either. There appears to be no way via Android Management API to install my CA into the system store after provisioning. Is there any current officially supported method in Android Management API to install a system CA (not user CA)? If not, are there any other methods to achieve that(I don't consider using root for this, as it may break overall user experience using other apps and services).