@treb0r The sudoer password definitions are used in the users role. Standard Trellis runs dev.yml for development and server.yml for staging/production. Given that dev.yml does not run the users role, roots/trellis#560 removed the unused sudoer password definitions from group_vars/development.
However, I see that you are probably provisioning your LXD container as development using server.yml. This means the users role will run and need the sudoer password definitions, but will no longer find them in group_vars/development.
You could evaluate whether it better suits your needs to use dev.yml instead, or to add back in the sudoer password definitions that were removed in roots/trellis#560.