It showed the "unknown developer" warning box when running the app, would that have been shown if the app was already authorised to access the keychain?
You are right, I initially misread your comment, I thought it said that Keychain only checks the app name.
The security framework uses some kind of digest / signature to verify that the app hasn't changed if the binary is not code signed. Apple's docs are scarce on details, see eg [1] which just says that the security framework makes sure the app wasn't altered.
But I am pretty sure the app name is ignored. Most macOS services use the bundle identifier.
However, if the app is code signed, the security framework automatically grants newer versions of the app permission if they have been signed with the same certificate.
Technically, if you can create another executable binary with the same name and digest, you can access the same keychain item.