crosvm: stop inheriting extra groups in wayland device

Issue description
The wayland virtio device should not have supplementary groups like daemon-store.
May 9 2018
May 14 2018
Jun 12 2018
After a few hours of collaborative investigation, the root of this issue is minijail, which should have dropped the supplementary gids (because crosvm never calls minijail_keep_supplementary_gids), but the call crosvm does make to minijail_namespace_user_disable_setgroups sets a flag that prevents minijail from dropping the needed permissions with setgroups. The fix should probably be to have minijail call setgroups after entering the user namespace, but before disallowing setgroups permanently.
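A check for the condition described in the comment above, as an added example that is not part of the original thread or of crosvm/minijail: it reads the Linux `/proc/<pid>/status` and `/proc/<pid>/setgroups` formats and flags a process that still holds supplementary groups, noting when setgroups is already denied in its user namespace. It assumes the files are read from the host (initial) user namespace so GIDs are not remapped; the function names, sample text and GID values are constructed for illustration.

```python
# Added example: audit a process for supplementary groups it should not hold.
# Inputs follow the Linux /proc/<pid>/status and /proc/<pid>/setgroups formats.

def parse_status(status_text):
    """Return (primary_gids, supplementary_gids) from /proc/<pid>/status text."""
    primary, groups = set(), set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Gid":
            # Real, effective, saved-set and filesystem GIDs.
            primary = {int(g) for g in value.split()}
        elif key == "Groups":
            # Supplementary group list; empty when all groups were dropped.
            groups = {int(g) for g in value.split()}
    return primary, groups - primary


def audit(status_text, setgroups_text, allowed=frozenset()):
    """Classify a process as 'ok', 'extra-groups' or 'extra-groups-locked'."""
    _, supplementary = parse_status(status_text)
    extra = supplementary - set(allowed)
    if not extra:
        return "ok", extra
    # "deny" means setgroups(2) is permanently disabled in the process's
    # user namespace, so the process can no longer drop the groups itself.
    locked = setgroups_text.strip() == "deny"
    return ("extra-groups-locked" if locked else "extra-groups"), extra


def audit_pid(pid, allowed=frozenset()):
    """Run the audit against the live /proc files of one PID (Linux only)."""
    with open(f"/proc/{pid}/status") as s, open(f"/proc/{pid}/setgroups") as g:
        return audit(s.read(), g.read(), allowed)


# Constructed samples; the process name and GID values are made up.
LEAKY_STATUS = ("Name:\tdevice\nUid:\t603\t603\t603\t603\n"
                "Gid:\t603\t603\t603\t603\nGroups:\t400 603 \n")
CLEAN_STATUS = ("Name:\tdevice\nUid:\t603\t603\t603\t603\n"
                "Gid:\t603\t603\t603\t603\nGroups:\t \n")

if __name__ == "__main__":
    print(audit(LEAKY_STATUS, "deny\n"))
    print(audit(CLEAN_STATUS, "deny\n"))
```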
Comment 1 by tbuck...@chromium.org, Feb 13 2018