Great diagram, thanks!
I was going to suggest using the proxy
device for listening on the LXD host on specific public IPs and forwarding selected ports into the different instances. But the requirement for outbound requests to use their assigned external IP will rule this out (without manual iptables rules anyway). For that you would need something like this to be added to LXD.
Instead, if the external IPs for the instances are dedicated to the instance (i.e. the host doesn’t need to use them), then the arguably cleaner approach is to use the routed NIC type which will allow the instance itself to have the external IP assigned inside the instance itself (so that it will both use it for outbound connections and see it assigned on its own NIC).
This will actually remove the need for the managed LXD bridges (lxdbrX) (although you can keep it around for local DNS resolution and other internal only instances perhaps).
The flow of packets would then be:
Internet → eth0 public IP (but not bound on the LXD host) → instance NIC (public IP bound inside the instance).
See How to get LXD containers get IP from the LAN with routed network for more details.
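As an added illustration of the routed NIC approach described in this reply (not a config from the original thread), here is a profile that binds a dedicated public IP inside an instance; the uplink name `eth0` and the address `203.0.113.10` are assumed placeholders.

```yaml
# Added example profile for the routed NIC setup, not part of the original post.
# Assumed values: the host's uplink interface is eth0 and the instance's
# dedicated public address is 203.0.113.10 (a documentation-range placeholder).
# Prerequisite on the host: net.ipv4.ip_forward must be 1 so the host can
# route between the uplink and the instance's veth.
name: routed-public
description: Dedicated public IP bound inside the instance via a routed NIC
config: {}
devices:
  eth0:
    type: nic
    nictype: routed
    parent: eth0              # host interface that receives traffic for the public IP
    ipv4.address: 203.0.113.10  # bound inside the instance, not on the host
    ipv4.gateway: auto        # default route inside the instance via the host-side link-local address
```

Apply it with `lxc profile create routed-public`, `lxc profile edit routed-public < file.yaml`, and `lxc profile add <instance> routed-public`; afterwards `ip route show` on the host should list a /32 route for 203.0.113.10 pointing at the instance's veth, while `ip addr` on the host should not show the address itself.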