You have conflated two technologies - Strict Transport Security, which is a header that tells the browser to stick to TLS connections only. If your admin has deployed a CA that your browser trusts and uses a cert from that CA to MITM your traffic, they will have no problems doing so ;)
Certificate pinning, on the other hand, allows a client to refuse to connect to a TLS service that fails to prevent the correct certificate. This is generally a win, however it still doesn't give you what you want.
Firefox and Chromium (including Chrome) browsers will only validate certificate pins if the presented certificate is a public trust anchor (in otherwords, the certificates deployed by the operating system). If the certificate chains to a private trust anchor (a certificate installed by your admin), Firefox and Chromium based browsers will smile, wink, and play along.
So, yes, in theory these technologies could protect you, but the vendors that implemented Public Key Pinning opted to support the enterprise use case instead of protecting users.
Certificate pinning, on the other hand, allows a client to refuse to connect to a TLS service that fails to prevent the correct certificate. This is generally a win, however it still doesn't give you what you want.
Firefox and Chromium (including Chrome) browsers will only validate certificate pins if the presented certificate is a public trust anchor (in otherwords, the certificates deployed by the operating system). If the certificate chains to a private trust anchor (a certificate installed by your admin), Firefox and Chromium based browsers will smile, wink, and play along.
So, yes, in theory these technologies could protect you, but the vendors that implemented Public Key Pinning opted to support the enterprise use case instead of protecting users.