It seems that filesystem=host is more limited than I thought (or has become more restricted overtime): Sandbox Permissions - Flatpak documentation
darktable’s flatpak uses the host permission by default.
Hrm… This is still annoying, yet we’re flagged by flathub as being"insecure" by using these permissions.