Hi Jon and welcome!
The issue you're experiencing is due to Mp3tag being a sandboxed application. Sandboxed applications require explicit access to files and folders provided by the user via
- an open panel, e.g., with ⌘O
- Drag & Drop
- Services
Mp3tag tries to remember once the permission is given via a "secure bookmark" (the list of them stored at SecurityScopedBookmarks as you already found out). This allows for editing the same files without subsequent requests for permission.
If you drag&drop or open individual files, Mp3tag only gets permission to edit those files. Renaming also requires permission to the enclosing folder. I believe this is what you're observing.
The good thing is, that those secure bookmarks apply to all included files and folders or a folder for which the permission is given. So if you choose a more general folder (e.g., your home directory at ⇧⌘H in the open panel), you can prevent future prompts for any of the containing files and folders. You can also cancel the reading process if it takes longer than acceptable — Mp3tag will store the bookmark no matter what.