Publish requires a certain level of permission that you must grant via the application previously registered in AzureAD.

The definition of permissions can be found here: https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread



It is strictly necessary to have a Reading/Writing.

The definition can be done on all sites (Sites.ReadWrite.All) or only on selected sites (Selected Sites)