From the docs:
File permissions
By default, external Python and R scripts only have read access permission to their working directories.
If your Python or R scripts need access to any other directory, you need give either Read & execute and/or Write permissions to the NT Service\MSSQLLaunchpad service user account and ALL APPLICATION PACKAGES on this directory.
Follow the steps below to grant access.
In File Explorer, right click on the folder you want to use as working directory, and select Properties.
Select Security and click Edit... to change permissions.
Click Add...
Make sure the From this location is the local computer name.
Enter ALL APPLICATION PACKAGES in Enter the object names to select and click Check Names. Click OK.
Select Read & execute under the Allow column.
Select Write under the Allow column, if you want to grant write permissions.
Click OK and OK.
SQL Server 2019 on Windows: Isolation changes for Machine Learning Services - File Permissions
The reason granting folder permissions to the accounts is because it's using the Windows Mandatory Integrity Control which allows you to specify that an application runs without access to the permissions of the account it's running under.
Mandatory Integrity Control (MIC) provides a mechanism for controlling access to securable objects. This mechanism is in addition to discretionary access control and evaluates access before access checks against an object's discretionary access control list (DACL) are evaluated.
This feature was initially introduced to allow web browsers to run with less than the desktop user's security privileges.