I don’t think it’s possible to use a user.js file directly without also creating a Firefox profile in the disposable template. To avoid having a profile in the default state of your dispVM either try @dal’s idea of appending firefox-esr.js and/or port the rules from user.js into a config file as described by Mozilla and the following post:
If your threat model for the dispVM allows for it, then simply running Firefox in the appVM before creating the disposable template will allow you to use the user.js file directly. This method is not appropriate if you’re trying to preserve anonymity in your dispVMs, for example, but is fine if you want an established identity along with the other benefits of a dispVM such as non-persistence of cookies or malware…