SQL Server is going to do more to that file than just read and write it. For example, in order for SQL to own that file it has to have take ownership rights. That comes with Full Control but not RW. It also needs to potentially change permissions. For the folder level it might need to create temp files to do things like backup or use file groups, etc.
So in theory you might be able to limit SQL Server to just needing specific permissions, in reality it needs a lot so rather than mandating a subset of full rights it is just easier to require full. This also fits into the early versions of SQL that used SYSTEM which has full rights anyway. Since this is a service and a malicious user isn't going to "secretly" install it then it makes sense that the service requires full control rather than a subset. Reduces the likelihood of a file system security error in that case.