AAD: About Permissions, AppRoles and OptionalClaims
Delegated Permissions and Application Permissions
Delegated permissions are only relevant when there is a user signing in with application. They are used when you want to call services in context of logged on user.
Application permissions are used when the application calls the API in context of itself, without impersonated user.
AppRoles attribute in manifest
The AppRoles attribute in the app manifest (i.e. on the Application object) is for defining what application roles your application exposes (i.e. offers for other apps to request/require access to).
Optional claims will never give you anything in the "roles" (application permissions) or "scp" (delegated permissions) claims, since these are reserved claims. The only way to affect the "roles" claim is with AppRoleAssignments. The only way to affect "scp" claim (which, remember, is only relevant when there is a user signing in with your app) is with OAuth2PermissionGrants