To tighten security for each containers that may be own by different clients, is there a way to disable lxc push and pull functionality?
There is no mechanism yet in LXD for discretionary user management regarding the access to the LXD server’s Unix socket.
That is, a user either has full access or no access.
Note though that it could be possible to add some layer on top of LXD (like you get with LXD-Mosaic) to get such a feature.
Having said that, the typical way to allow and disallow per-user access, is to use some standard mechanism like SSH. In addition, you would rather not grant access to the host to users but rather directly to individual containers.