Hello. The Webform Access Group seems to be "config" and it stores its data in a YML file. However, the Webform Access Group membership seems to be "content" and stores its data in the database table webform_access_group_user.
I agree with @eugene.ilyin comment #3.
In the core modules system FileDownloadController::download() method, the requested file path with image style fails the is_file($uri) check and the method returns 404 Not Found.