Put the pi-hole on a spare WAN port if you have one. All isolated LAN VLANS can access that if you need them to. Otherwise have a dedicated VLAN for the PiHole, then block inter vlan traffic using firewall rules and add a rule to allow access to just the PiHole VLAN.