Or you’d want to create a cgroup for the host itself and move all the host processes into that, leaving the remaining CPUs free for container use.
I don’t know if systemd offers an easy way to do that, but you could always write a small script which creates a cgroup under /sys/fs/cgroup/cpuset and moves all existing tasks to it. Their children will automatically get the same configuration, so the result should be that only LXD will get to use the rest (make sure you don’t put LXD itself in the restricted cgroup though).
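A sketch of the script described above, as an added example that is not part of the original reply. It assumes a cgroup v1 cpuset hierarchy at the path named in the post; the group name `host`, the match on the process name `lxd`, and the default memory node `0` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a cgroup v1 cpuset
# hierarchy; the group name "host" and the "lxd" name match are assumptions.
CPUSET_ROOT="${CPUSET_ROOT:-/sys/fs/cgroup/cpuset}"
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the PIDs in the root cpuset that should be confined: everything
# except the LXD daemon. Containers already sit in their own child cgroups,
# so they never appear in the root group's list.
select_host_pids() {
    for pid in $(cat "$CPUSET_ROOT/cgroup.procs"); do
        comm=$(cat "$PROC_ROOT/$pid/comm" 2>/dev/null) || continue  # exited
        case "$comm" in
            lxd) continue ;;   # never restrict LXD itself
        esac
        echo "$pid"
    done
}

# confine_host CPUS [MEMS]: create the "host" cpuset, assign CPUS to it and
# move the selected PIDs into it. Prints how many processes were moved.
confine_host() {
    grp="$CPUSET_ROOT/host"
    mkdir -p "$grp"
    # cpuset v1 rejects new members until both cpus and mems are set.
    echo "$1" > "$grp/cpuset.cpus"
    echo "${2:-0}" > "$grp/cpuset.mems"
    moved=0
    for pid in $(select_host_pids); do
        # Writing a PID to cgroup.procs moves all of its threads. CPU-bound
        # kernel threads refuse the move; skip them instead of aborting.
        if echo "$pid" 2>/dev/null > "$grp/cgroup.procs"; then
            moved=$((moved + 1))
        fi
    done
    echo "$moved"
}

# Run only when given a CPU list, e.g.: sh confine-host.sh 0-1
if [ "$#" -gt 0 ]; then
    confine_host "$@"
fi
```

It has to run as root, and the cgroup it creates does not survive a reboot.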