Note that this isn't "Mac's sandbox system", it's TCC. That's an important distinction to make, because apps that have opted into the proper App Sandbox can't do this... they don't even have the ability to display a prompt for direct access to Documents/.
With the App Sandbox, sandbox extensions are issued whenever you open a file using the file picker. They only last until the app is restarted.
A caveat is that you can save "Security Scoped bookmarks" (basically a signed base64 blob [1]) and pass that around to preserve access, but that isn't very common.
[1] https://www.mothersruin.com/software/Archaeology/reverse/boo...
Yes, TCC is what I meant, but my understanding is TCC is a platform-wide sandboxing system?
TCC is a leaky shot at limiting non-sandboxed apps' permissions. The actual macOS sandbox is a different thing.
I would say that TCC is working as intended, unfortunately, with many obscure behaviors to avoid breaking existing apps.
It's even more unfortunate that a lot of apps that could be easily sandboxed aren't.