Nothing is stopping any app from the Play store to request any particular permission, not just MDM apps, right? And yet, no app can read arbitrary filesystem data including random app data without your device being rooted first.

If anything, one of many MDM purposes is to prevent orgas from enrolling rooted devices in their fleet.