How to hide the host root device from container lsblk

There’s really nothing we can do at the LXC/LXD level. This isn’t something that userspace can do. It would need the Linux kernel to do it which is what OpenVZ and others have done through custom patches.

Upstream Linux kernel has so far had no interest whatsoever in so-called device namespaces, so we don’t expect this to change any time soon.

As I pointed out above, one may be able to make this less of an issue by either altering the permissions in the host’s /sys through udev rules or by setting up AppArmor policies that would prevent access from the instance. Though with both of those you run the risk of blocking entries that software in the instance does access, causing crashes.