Vault does not have support for copying CSR extensions to end-entity certificates.
There is limited support in a couple of endpoints (sign-intermediate and sign-verbatim) but they are highly privileged endpoints which bypass much of the policy Vault would otherwise enforce, so are typically not useful for general use cases.
Right, so a totally custom extension - there is no way to add that to Vault-generated end-entity certificates. (Short of sign-verbatim, at which point you’ve bypassed nearly all of the value of using Vault PKI anyway.)
You’ll need to consider either forking the Go code of the PKI secrets engine, modifying it, and loading it as a custom plugin, or using software other than Vault for this.
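A check for the behaviour described in this thread, as an added example (not from the original posts and not Vault code): it compares the extensions requested in a CSR with those present in the issued certificate and lists the ones the issuer left out. The subject name, the 2.999.1 example OID and the locally built sample certificate are constructed stand-ins for a real CSR and a Vault-issued certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// DroppedExtensions returns the extension OIDs requested in the CSR that are absent from the certificate.
func DroppedExtensions(csr *x509.CertificateRequest, cert *x509.Certificate) (dropped []string) {
	present := map[string]bool{}
	for _, e := range cert.Extensions {
		present[e.Id.String()] = true
	}
	for _, e := range csr.Extensions {
		if !present[e.Id.String()] {
			dropped = append(dropped, e.Id.String())
		}
	}
	return dropped
}

// BuildSample constructs test data: a CSR requesting a custom extension (example arc 2.999)
// and a certificate for the same subject and key issued without reading the CSR's extensions.
func BuildSample() (*x509.CertificateRequest, *x509.Certificate) {
	key, e1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ext := pkix.Extension{Id: asn1.ObjectIdentifier{2, 999, 1}, Value: []byte{0x05, 0x00}} // ASN.1 NULL
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "svc.example.test"}, ExtraExtensions: []pkix.Extension{ext}}
	csrDER, e2 := x509.CreateCertificateRequest(rand.Reader, req, key)
	csr, e3 := x509.ParseCertificateRequest(csrDER)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: req.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER, e4 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, e5 := x509.ParseCertificate(certDER)
	if e1 != nil || e2 != nil || e3 != nil || e4 != nil || e5 != nil {
		panic(fmt.Sprint("sample construction failed: ", e1, e2, e3, e4, e5))
	}
	return csr, cert
}

func main() {
	fmt.Println("requested but not issued:", DroppedExtensions(BuildSample()))
}
```

To run the same comparison on real material, parse the PEM-decoded CSR and the issued certificate with `x509.ParseCertificateRequest` and `x509.ParseCertificate` and pass them to `DroppedExtensions`.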