Questions about app governance

I enabled and started using the app governance feature since it became free and I must say that I am disappointed with the features available and confused by some of the information I get...

• What are the criteria used to determine which OAuth apps are monitored by app governance?
• Regarding permissions usage, what does it mean when some of the permission of an app are "Not available"?
• How do you determine if an app has used permissions? Is it just when issuing tokens and checking the scope requested by the application or are you actually checking what permissions the app makes uses of during its operations?

I am also really disappointed that the unused apps, expiring credentials and unused credentials conditions are not available if we don't have workload identities premium licenses. Without those conditions, the usefulness of App governance is really low... And the cost to license our tenant for workload identities premium would be way too high to even remotely consider acquiring those licenses.