So, the issue for a portal regarding desktop entries can be found here:
Since I have not looked at your app in detail, I can't give much detail, but well, I can give a few thoughts on the permissions:
"--filesystem=host-os",
"--filesystem=/var/lib/flatpak:ro",
"--filesystem=~/.local/share/flatpak:ro",
Considering you need the system desktop files, for which no portal exists as of yet, you probably won’t get around those right now. But you should probably use :ro on host-os.
"--filesystem=~/.local/share/applications:rw",
"--filesystem=~/.local/share/icons:create",
You may want to look if using the Dynamic Launcher Portal might be an option for you.
But if you need to keep these permissions, you should use xdg-data instead of ~/.local/share, as xdg-data maps to XDG_DATA_HOME.
"--filesystem=~/.local/share/quick-webapps:create",
"--filesystem=~/.var/app:rw"
These I don’t think are necessary. Especially on the first, you should read your app data from XDG_DATA_HOME/quick-webapps, which is on Flatpak provided under ~/.var/app.
And for the second I’m not sure where you would use this… The data folder for your own app is mounted automatically, so there’s no need to add that.
A note on XDG_DATA_HOME and the likes for config and cache: While the default, if they are not defined, is indeed ~/.local/share, these can be changed by the user (or sandbox systems like Flatpak), so you should always read the setting first. Your UI toolkit probably has a method that makes this check for you, or you could use the dirs crate.
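
The lookup order described in the last paragraph, as an added example that is not part of the original post or the app's own code: it uses only the Rust standard library, reads XDG_DATA_HOME first and falls back to ~/.local/share only when the variable is unset, empty or relative (the XDG Base Directory rule). The function names and the sample paths in the comments are assumptions made for illustration.

```rust
use std::env;
use std::path::PathBuf;

/// Resolve the XDG data directory through `get`, an environment lookup.
/// Passing the lookup as a closure lets the logic be checked against
/// constructed environments without touching the real process environment.
fn xdg_data_home<F>(get: F) -> Option<PathBuf>
where
    F: Fn(&str) -> Option<String>,
{
    // 1. Honour $XDG_DATA_HOME when it is set, non-empty and absolute.
    //    Inside a Flatpak sandbox it points below ~/.var/app/<app-id>/,
    //    so no extra --filesystem permission is needed to use it.
    if let Some(value) = get("XDG_DATA_HOME") {
        let path = PathBuf::from(&value);
        if !value.is_empty() && path.is_absolute() {
            return Some(path);
        }
        // Empty or relative values are invalid and are ignored.
    }
    // 2. Only then fall back to the default, $HOME/.local/share.
    let home = PathBuf::from(get("HOME")?);
    if !home.is_absolute() {
        return None; // refuse to build a path relative to the working directory
    }
    Some(home.join(".local/share"))
}

/// Data directory for one application, e.g. "quick-webapps".
fn app_data_dir<F>(get: F, app: &str) -> Option<PathBuf>
where
    F: Fn(&str) -> Option<String>,
{
    xdg_data_home(get).map(|dir| dir.join(app))
}

fn main() {
    // Real process environment: prints the sandbox path under Flatpak and
    // the ~/.local/share path on an unsandboxed default setup.
    match app_data_dir(|key| env::var(key).ok(), "quick-webapps") {
        Some(path) => println!("data dir: {}", path.display()),
        None => eprintln!("no usable data directory (HOME unset or relative)"),
    }
}
```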