I just found out that unprivileged container start just fine if they are configured to start automatically during system (and lxc) startup.
I also found https://github.com/lxc/lxc/issues/3100 but could not yet confirm that it is in fact root's umask that is causing the unprivileged containers to fail when starting them manually.
