I know the 3750X's have a management interface on the back which is a 10/100 Fast ethernet port. Its right next to the RJ-45 console port. I also believe that the 2960 switch that you listed there also has a management port on the front of it, above the SFP ports.
Assuming your switches aren't too far away, you could use the management interfaces to manage your devices remotely if you will. Of course you would require additional cabling back to another "management switch" which would likely contain the VLAN required just to manage these devices.
Otherwise, you could also run a terminal server server such as an OpenGear or something of that nature and have the console connections linked back to this device in order to remotely control them if your entire network is having issues or what not.
These management interfaces do operate on their own VRF and will also not participate in STP as they're not running on the active VLAN that is being trunked down to them. However, I have seen it where some organizations like to have the management VLAN on the same subnet as the hosts on the switch. This allows them to ping and check the arp table/mac address table and pinpoint where devices are a bit easier than if it was just a simple L2 network. There are of course pro's and con's to each method, however, given that you wanted to go about a out-of-band method. I would say the management interface is probably is your best direction.
I don't know of any switches that are 802.1x supplicants, so Option A is probably out. So between Options B and C, the primary difference is cost. I imagine rewiring your office is both expensive and disruptive, vs the cost and the hassle of managing all those new switches.
The real question you should be asking is, what threat am I defending against, and what is the real risk? Are you really worried that someone might sneak into your building (I have no idea what kind of office you're in or where it is) and plug in an unknown device? Why would they do that? The question should not be "is it possible," but "is it a significant risk worth the cost of rewiring or buying new switches?"
As an example, in the office I'm currently working (a quasi-government agency), we do not have 802.1x. In theory, anyone can plug a device into the network. But in order to do so, you first have to get by the guards at the entrance, and you would need a badge with a card key. If you are an employee, you would know that there is a policy prohibiting unauthorized devices on the network.
Clearly, if you really, really wanted to, you could bypass all these controls. But management has decided that these controls are sufficient, given the risk to the network. Frankly, if you really wanted something on our network, it would be easier to pwn a machine and steal it remotely. That way, you could take your time and avoid the risk of detection and arrest.
My point is: just because you have a shiny new 802.1x system for wifi, it doesn't mean you need it for your wired network. Or if you do decide to use it, tamper-proof boxes, etc, may not be necessary. You (and management) need to weigh the risk against the cost of new switches, wiring, maintenance and reliability (what happens if your RADIUS server crashes? Does that block all network access?).
Maybe you work in a high-security environment where all these controls are necessary. But I'm guessing you have a solution looking for a problem. Best to weigh the risk vs cost. That analysis will allow you to justify the costs (monetary and operational) to management.
Best Answer
Your stack switches should be connected to both routers. That way, you will have redundancy if a router fails. If possible, your servers should also be dual-homed to both routers. VRRP will do you no good unless you are connected to both routers.
Unless you intend to apply access lists to restrict data flows between user groups, creating lots of VLANs doesn't buy you much. There's no hard and fast rule here -- just don't make it more complicated than necessary.
You don't mention what your load balancer will be used for, so it's hard to say where it belongs.