Mac App Store embedded application fails basic networking (loading a public website)

As a followup to this question...

I have a parent app and an embedded child app. This child does nothing but open a WKWebView to a public URL as a test case.

In development I have the debug entitlements for Child.app to include:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
</dict>
</plist>

Building and running Child.app does as expected (opens a view and displays a public website).

Embedding this Child.app I have the entitlements set in Release as:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
</dict>
</plist>

The parent app that embeds Child.app has these entitlements:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
                <string>packet-tunnel-provider</string>
        </array>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
                <string>group.com.foo</string>
        </array>
        <key>com.apple.security.automation.apple-events</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
        <key>com.apple.security.device.audio-input</key>
        <true/>
        <key>com.apple.security.device.bluetooth</key>
        <true/>
        <key>com.apple.security.device.camera</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
</dict>
</plist>

My understanding is that Child.app would inherit all of these entitlements and thus be able to open a website.

When I dump the entitlements of what gets installed via TestFlight I can confirm the entitlements are as I expect:

Executable=/Applications/Foo One.app/Contents/MacOS/Child.app/Contents/MacOS/Child

Warning: Specifying ':' in the path is deprecated and will not work in a future release

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>beta-reports-active</key><true/><key>com.apple.application-identifier</key><string>367***NY2.com.foo.Child</string><key>com.apple.developer.team-identifier</key><string>367***NY2</string><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.inherit</key><true/></dict>

I watch Console to see if anything jumps out at me but I don't see any errors yet Child.app displays a blank WKWebView and never even seems to try to connect to the URL.