According to WWDC 2019 Session 701 Advances in macOS Security, user intent for accessing protected locations is inferred when the user opens a file or folder using an NSOpenPanel. The app's access to those protected locations seems to persist across launches, and across reboots of macOS.
Where are those access permissions stored? How can they be reset for testing, or when a user no longer wants a certain app to have access to a file or folder? They don't seem to be stored in TCC.db or be resetable through tccutil.