
Per my test, I can run the code and add permission to user successfully with your code.
My Token have full control with site. Please check your permission of your azure ad app only.
You can grant Sites.FullControl.All in API permissions
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.