I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to accept the answer.
Error Message:
Status: 403 (This request is denied to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionDenied
Issue:
When requesting a Storage Account User Delegation Key to generate a SAS token to access one of your Storage Account Blobs, you're running into the error message above, which could be related to a cross-tenant issue.
Solution:
After working with our Azure Support team, you were able to identify that user-assigned managed identities and managed applications have limitations when it comes to cross-tenant scenarios.
For example, as a publisher, you cannot see Key Vault secrets, but this is not critical as the app can access them using the user-assigned managed identity. However, in our case, there are some limitations with the storage account that you should be aware of. You cannot create a container, request a user delegation key, and possibly even more. Therefore, for now, I will fall back to the account key to work around these problems.
Since this is a feature/product limitation, I'd also recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this. I've also created an internal feature request, so our engineering team is aware of this as well.
If I missed anything, please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.
I hope this helps!
If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.
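The fallback described in this answer, sketched as an added example that is not part of the original answer or the poster's code: try a user delegation SAS first and sign with the account key only when the service returns the 403 / AuthorizationPermissionDenied quoted above. It assumes the azure-storage-blob Python SDK; the helper names, the read-only permission and the 15-minute lifetime are hypothetical choices.

```python
from datetime import datetime, timedelta, timezone

DENIED = "AuthorizationPermissionDenied"  # ErrorCode quoted in the answer above


def is_delegation_denied(exc):
    """True only for the 403 / AuthorizationPermissionDenied case from the answer."""
    return (getattr(exc, "status_code", None) == 403
            and getattr(exc, "error_code", None) == DENIED)


def read_sas_for_blob(service, account, container, blob, account_key,
                      ttl=timedelta(minutes=15), sign=None, now=None):
    """Return (sas_token, signer); signer is 'user-delegation' or 'account-key'.

    service: BlobServiceClient authenticated with a token credential, such as
             the user-assigned managed identity (assumption).
    sign:    injectable for offline testing; defaults to the SDK's generate_blob_sas.
    """
    if sign is None:
        from azure.storage.blob import generate_blob_sas as sign
    now = now or datetime.now(timezone.utc)
    start = now - timedelta(minutes=5)   # tolerate clock skew
    expiry = now + ttl                   # short-lived token
    common = dict(account_name=account, container_name=container,
                  blob_name=blob, permission="r", start=start, expiry=expiry)
    try:
        udk = service.get_user_delegation_key(key_start_time=start,
                                              key_expiry_time=expiry)
        return sign(user_delegation_key=udk, **common), "user-delegation"
    except Exception as exc:
        if not is_delegation_denied(exc):
            raise                        # other failures must stay visible
    # Cross-tenant limitation hit: sign the same narrow grant with the account key.
    return sign(account_key=account_key, **common), "account-key"
```

Returning the signer alongside the token lets the caller log every time the account-key path is used, so the workaround can be retired once the limitation is lifted.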