Thanks for the clarification.
PVLAN is not a solution for our issue. With PVLAN each host can only communicate with the gateway not each other. This would likely not be good for your customers with multiple devices that they would want to talk to each other. And it will not prevent someone for adding another host ip address in the same subnet which you had allocated to someone else.
Your only real solution to locking down ip addresses per client is to assign each client their own subnet and gateway. With this restriction they cannot step outside their allocation onto other client services. The MX is a good platform to scale out this type of multiple VLAN and ip range setup.