I do not believe ClearPass can natively add anything to an authentication before querying LDAP. You can add a suffix or prefix to a device afterward, which will show up in Access Tracker, but not as a part of the actual authentication.
You may be able to do that in the actual LDAP Authentication Source by customizing the query, but I would work with TAC to go through it.
I'm a little confused though, what's the need to add the special character? We're integrated with AD and do the same stripping and do not need to add anything special for it to work.