You will need to change the perms on the device, if as an example, you have something like fred:100000:65536 in your /etc/subgid file then dialout which has a GID of 18 in the container will map to something like 1000018 outside the container. Something along the lines of:
sudo setfacl -m g:100018:rw /dev/ttyACM0
on the host should allow the dialout group in the container access to the device, this ACL will not survive a reboot so you will want to setup a udev rule to add it when the device node is created.
To identify the correct group id, in the container run:
sg dialout -c ‘sleep 1000’
then on the host run:
ps -eo “user,group,args” | grep sleep
this should show the UID and GID of the process.