I believe you are running into the new Ubuntu apparmor kernel settings, specifically enforcing stacking profiles.
Related: AppArmor blocks sending signals on Ubuntu 25.04 host
security.privileged=true will disable the apparmor profile, just like doing a aa_teardown, so then the apt update will work.
I believe the apparmor profile in the stable releases now have some special handling when stacking is enforced, so either upgrading to the latest stable version, or adding some extra apparmor rules in the config, like in the related issue, will fix this without compromising security.