LACP and Port authentication are indeed mutually exclusive, so you can't use them together.
Note that LACP configuration is static in general as you need to configure which ports belong to what port-channel/trunk, so it is hard to combine that with the dynamics of colorless ports as well.
I haven't tested, but heard that if you don't bundle the AP ports but leave them as two independent ports, you could do 802.1X on the AP uplink for both ports, it just doesn't load-balance and will be more active/passive. You may give that approach a try.