What is the recommended approach for this? I feel as though the specific database should be irrelevant. All OSes are equipped with permissions models that can restrict a SQLite file to use by a single application.
The issue so far seems to be that most OSs don't really have an effective way to restrict that file to a single application. User-oriented filesystem permissions don't work, as all software runs "as" the user.
If you assume there's a way to restrict permissions by application (a bit like TCC on Mac for certain folders), you need to then go down a rabbit-hole of what matcher you use to decide what is a "single application" - Mac OS can use developer Team ID (i.e. app signature identity), or similar. You wouldn't want to rely on path or binary name, as those could be spoofed or modified by a rogue app.
So in short, in a multi-user OS, generally the filesystem (asides from Mac OS, under certain circumstances) is fairly widely readable by other software running as the current user. At least in my experience, Mac OS is the desktop OS that is closest to having some level of effective protections against apps accessing "everything" owned by the user (but belonging to other apps).
Admittedly I have little knowledge on the Windows feature's functionality but my problem with that is that I want to choose whether or not something like this is happening on my computer and have control over it. I barely trust Microsoft and Windows anymore as it is but it's a somewhat-necessary evil in my case. I don't trust them to record my data and actually keep it local to me and I want to actively find software to do it not have them auto install something and have full control over the data.
How are you protecting the data locally? Sorry if it's in the README, I didn't see it when skimming.