Additional group membership ignored?

On Linux, extra groups are managed by userspace, not by the kernel.
PAM is what reads your /etc/group to look at your extra groups and add them to the current user during login.

When you use something like lxc-attach, you’re only dealing with what the kernel can do, so no extra groups.

But if, as the root user in the container, you spawn your unprivileged task through su NAME -c "command", then su will go through PAM, and so your user will get its extra groups initialized.
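
A way to check which case a given process is in, as an added example that is not part of the original answer: it compares the groups the group database lists for the current user with the groups the process actually holds, and reports any that were never initialized. The names `missing_groups`, `check_self` and the `MAXG` bound are hypothetical choices for this example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAXG 1024 /* assumed upper bound on group count for this example */

/* Return 1 if gid is present in set[0..n). */
static int has_gid(const gid_t *set, int n, gid_t gid) {
    for (int i = 0; i < n; i++)
        if (set[i] == gid) return 1;
    return 0;
}

/* Copy into out[] each distinct gid of want[] that is absent from have[].
 * out must have room for nwant entries. Returns the number copied. */
int missing_groups(const gid_t *want, int nwant,
                   const gid_t *have, int nhave, gid_t *out) {
    int k = 0;
    for (int i = 0; i < nwant; i++)
        if (!has_gid(have, nhave, want[i]) && !has_gid(out, k, want[i]))
            out[k++] = want[i];
    return k;
}

/* Compare what the user/group database says the current uid should have
 * (getgrouplist) with what this process carries (getgroups + effective gid).
 * Returns the number of missing groups, or -1 if a lookup fails. */
int check_self(void) {
    gid_t want[MAXG], have[MAXG + 1], miss[MAXG];
    struct passwd *pw = getpwuid(getuid());
    if (!pw) return -1;
    int nwant = MAXG;
    if (getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) < 0) return -1;
    int nhave = getgroups(MAXG, have);
    if (nhave < 0) return -1;
    have[nhave++] = getegid(); /* getgroups() may omit the effective gid */
    int n = missing_groups(want, nwant, have, nhave, miss);
    for (int i = 0; i < n; i++) {
        struct group *gr = getgrgid(miss[i]);
        printf("missing gid %u (%s)\n", (unsigned)miss[i], gr ? gr->gr_name : "?");
    }
    return n;
}

int main(void) { return check_self() == 0 ? 0 : 1; }
```

Running the compiled binary as the unprivileged user once via lxc-attach and once via su NAME -c shows whether the extra groups were applied in each case.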