Hacker News

kccqzy, yesterday at 7:59 PM

The security-scoped bookmark is exactly why a user should treat all macOS file access permission prompts as permanent. There is also no UI to show to a user whether an app has created a security-scoped bookmark.

And this is for sandboxed apps. You correctly point out that non-sandboxed apps have even more access. So a user’s mental model should be that all open dialogs grant permanent access.


Replies

lapcat, yesterday at 10:47 PM

tccutil reset All co.eclecticlight.Insent and reboot isn't actually working for me.

Thus, there's no way to remove access short of disabling SIP and deleting the com.apple.macl xattr.