So, it seems that security.privileged=true and security.nested=true (see apparmor="DENIED" operation="mount" - #10 by Andrew_Wilson) are required to be able to mount NFS in a container.
@stgraber, can you please expand on the motivation? Did the scenario change since then?