Application access policies are an Exchange Online functionality, they only apply to Exchange permissions. For SPO permissions, you can use the method outlined here: https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/
Make sure you use the Sites.Selected scope instead of Sites.Read.All or Files.Read.All though.
Lastly, there is no method to restrict User.Read.All permissions when used in the application context.