@Oh, Tony Thanks for reaching here!
You may refer to below document link-
You can understand the required permissions for each API by looking at relevant documentation.
1. For users/{1}/memberOf
it will be List memberOf
2. For getting all groups - List Groups
If it's just these two calls in your application, Directory.Read.All would be the least privilege required. In case there are other calls, look at their documentation.
Admin Consent-
This depends on what permissions you finally end up deciding as required for your application.
1. You can see it directly in Azure portal. When setting required permissions for your application, each permission has a yes or no next to it to indicate whether Admin consent is required or not.