Forgot to say, this was checked on macOS Sonoma 14.6.1

edit: Accidentally posted twice, removed the second one

Can you expand on what you mean by "As a note, wrapping a Daemon in an app bundle helps it access the System Keychain." How does that help? How do apps have less strict access rules to the System Keychain than a plain daemon?

Thank you Quinn. If an option to increase security exists, I will always take it. Better overprotect than under, I'll go with SMJobBless. I'm grateful for the advices!

This is submitted as FB18576105.

So why can I observe the behavior I outlined above?

Thank you for your very detailed answer, it has put a lot of puzzle pieces to their right place in my head!