Just got an email from Google saying that my request to access their Gmail API has been approved.
It took me about two weeks, with emails coming almost every other business day. The Google team asked me to correct the application form, then actually tried my extension (so it should be published and approved), I had to fix a bug or two, and then they asked me to make sure that I have all policies and disclaimers on my Web site.
One thing that could be a potential showstopper is that they require you to record a video of your app using the API, and the client ID should be visible in the video. Normally, it would be a part of the URL of the content screen, but in my case, this screen had no visible URL, so I had to start a debugger and evaluate client ID in the console. That worked. Or maybe they didn't require it for extensions.
In any case, if you need to use one of the sensitive or restricted Google APIs, you want to release an MVP using all these APIs (it's easier to approve them all at once rather than one by one) and then apply for approval ASAP. Without their approval, your users will see a scary screen saying that your app is not safe, and you won't be able to get any feedback for your MVP, except for maybe your close friends.