You cannot update this property directly. Instead, you need to call the PATCH method on the /oauth2PermissionGrants endpoint, referencing the specific grant ID. In PowerShell, this is done via the Update-MgOauth2PermissionGrant cmdlet.
Here's an example. First, get the current set of grants:
Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.id
Once you have the ID of the grant matching the desired resource, PATCH it:
Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId 4a5jKhfbnUioq9QJcQZikohlrhELZBpBiBJr-xJXoOA -Scope "Mail.Read.Shared User.Read User.ReadBasic.All"
It helps to refer to the Graph documentation on this. As you can see, there is no PATCH method under the /servicePrincipals endpoint > Delegated permissions grant (i.e. [https://learn.microsoft.com/en-us/graph/api/resources/oauth2permissiongrant?view=graph-rest-beta). Instead, you are referred to the PATCH method for the /oauth2PermissionGrants endpoint ([https://learn.microsoft.com/en-us/graph/api/oauth2permissiongrant-update?view=graph-rest-beta&tabs=http).