This "Your app is not permitted to access this endpoint" error indicates that the access token you're using to make the call does not have the necessary scope needed for calling that particular endpoint. As indicated by the error message in this case, the app would need the "files.metadata.read" scope.
You can add it via the "Permissions" tab on the app's info page on the App Console. Then you can get a new access token with that scope added and use that new access token to make this API call.
