LXD's main security mechanism for local users is done through group membership.
The LXD snap assumes the existence of a "lxd" group and makes the lxd unix socket owned by that group. That way only members of that group (or root) may access LXD.
snapd interfaces work great to prevent other snaps from talking to LXD, but do not help restricting access from other applications (on classic).
For the time being, the LXD snap simply assumes that the "lxd" group exists. If it doesn't the daemon will fail to start.
This bug is to track both a temporary workaround (as suggested by Mark in comments below) to just have snapd always create the "lxd" system group if it doesn't exist.
And to discuss what the right mechanism to manage groups would be moving forward.
So after further discussion it sounds like what we want is actually the ability to get a group created on the system.
We'd then have a "lxd" group appear when the lxd snap is installed, our unix socket would be owned by root:lxd 0660 just like it is right now with the deb version.
Snaps that connect to lxd and run as root (most of them) will be able to talk to it, anything else will need to be added to the lxd group by an admin first.
This fixes the security concern in a way which requires explicit user interaction when granting unprivileged users access to LXD.