How about creating a file system hard link from the database file(s) necessary for the workflow, to a folder the workflow already has read/write access to?

Does the macOS filesystem API support this? I would expect TCC to stop an attempt like this dead in its tracks.

I created a blank workflow, hard linked the chat.db file to the workflow directory.

Created a tst.py file in the workflow directory with the following:

import sqlite3
import pandas as s
conn = sqlite3.connect('/Users/s/Library/nnnnnnnn/Alfred.alfredpreferences/workflows/user.workflow.73F70799-A3B3-42F6-A78C-A6E220DE6B8C/chat.db')
cur = conn.cursor()
cur.execute(" select name from sqlite_master where type = 'table' ")
for name in cur.fetchall():
    print(name)

Then an Alfred run script action with the following:

python3 tst.py >> log.txt

After running the Alfred workflow, log.txt contains:

('_SqliteDatabaseProperties',)
('deleted_messages',)
('sqlite_sequence',)
('chat_handle_join',)
('sync_deleted_messages',)
('message_processing_task',)
('handle',)
('sync_deleted_chats',)
('message_attachment_join',)
('sync_deleted_attachments',)
('kvtable',)
('chat_message_join',)
('message',)
('chat',)
('attachment',)
('chat_recoverable_message_join',)
('unsynced_removed_recoverable_messages',)
('recoverable_message_part',)
('sqlite_stat1',)

Alfred 5 does not have full disk access. I am on latest macOS on a macbook air m1.
Appears to work?

(So a manual step would be needed in the installation/setup of the workflow; the user need to shell out and hard link the file him/herself.)

Did you get around to testing this?