While the GitHub Application allows for SonarCloud to interact with GitHub itself (adding a check, for example, or importing a repository), it does not allow for authentication with SonarCloud, which is why a token still must be generated SonarCloud-side and stored as SONAR_TOKEN.
Stated another way (maybe it helps wrap your head around it) – the GitHub Application is only used for SonarCloud → GitHub communication. The GitHub Action running on the runner is not aware of the application.
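The split described above, as an added workflow example that is not part of the original post: the scan step on the runner authenticates to SonarCloud with `SONAR_TOKEN`, read from a repository secret, and nothing in the workflow refers to the GitHub Application. The workflow name, branch name, secret name, and the `@master` reference are assumptions for illustration.

```yaml
# Added example, not from the original post.
# Assumes a token generated in SonarCloud has been saved as the
# repository secret SONAR_TOKEN.
name: SonarCloud analysis

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for the runner's own GITHUB_TOKEN; the scan only reads.
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history for blame and new-code detection

      # Secrets are not passed to pull_request runs from forks, so the
      # token can be empty there. Fail with a clear message instead of an
      # opaque authentication error from the scanner.
      - name: Check that SONAR_TOKEN is available
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          if [ -z "$SONAR_TOKEN" ]; then
            echo "SONAR_TOKEN is not set for this run" >&2
            exit 1
          fi

      # Runner -> SonarCloud: authenticated by SONAR_TOKEN only.
      # SonarCloud -> GitHub (checks, PR decoration) is handled separately
      # by the GitHub Application and needs no configuration here.
      # @master is an assumption; pin to a reviewed commit SHA in practice.
      - name: SonarCloud scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # runner's token, to read PR info
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}     # generated SonarCloud-side
```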