I am using an app called KeePassDroid as a password manager. Password databases are stored in a *.kdbx file, and also in addition to the password, I use a key file, which it can be any file type, but in my case, I use a *.jpg file. Both files (database and key file) are not located in standard location (Documents, Pictures etc), rather in folders created by myself for this purpose.
The application has access to both files with no permissions granted. Storage scopes are not activated either. Howerver, in "app info" > Storage & cache, there is a button called "Clear access", and there is a line stating "External Storage 1 item". If I push this button, the storage permission is removed, and the external storage line disappears. If I uninstal and reinstall the app, storage access come back by default.