Tested here:
https://demo.dataverse.org/dataset.xhtml?persistentId=doi:10.70122/FK2/E08MOR

When you have a published dataset with restricted files, and you create a draft of the dataset with additional new restricted files, and you are assigning file level permission to the published version, the files in the draft dataset are showing up on the list of restricted files in the permissions page. There is no indication to the admin that the "draft dataset files" have yet to be published. This can cause admins to accidentally give access to files not intended for use. Draft file should not even show up here.

tested:

1. created a dataset with 2 restricted files in demo. published.
2. created a draft version with one additional restricted file, left in draft format.
3. navigate to the published dataset, go to "permissions, files," and when select "grant access to users," there are 3 restricted files and not just the 2 expected from step 1. The additional file does not indicate it exists in a DRAFT dataset.