Well, security.privileged=true pretty much turns off any kind of security; security.nesting=true only makes it slightly worse by making it easier to just mount a new copy of procfs and escape.
It looks like snapd or systemd may have changed in a way which requires mounts that can’t be safely allowed inside of privileged containers, explaining why the security.nesting bits are needed.
It’d be interesting to see the dmesg | grep DENIED output in the failing case.