Kinda sounds like Docker may be attempting to use the kernel keyring?
That’d certainly be a new behavior from them…
Unfortunately your version of LXD doesn’t support syscall blacklisting so it’s not particularly easy to test/workaround in your case…
Where did you get that version of Docker?