1
votes

I'm trying to build a multi-tenant application to retrieve all subscription information from my personal account.

Using the PowerShell ARM I'm able to retrieve this information:


However, when trying to do this action using the Azure management API:

https://management.azure.com/subscriptions?api-version=2016-06-01

Using a JWT generated using my tenant, application id and key secret it returns the following:

{"value": [] }

My application permissions seem fine:


Am I missing something from my permissions?

Edit: I am able to get my tenants using the same endpoint. Could this be something to do with my company's permissions for AAD users?


1 Answers

0
votes

First, you're using the client credentials flow. With this flow, you cannot act on behalf of a user. Delegated permissions are not for this flow; they are for other on-behalf-of-user flows, like the code grant flow. So, you need to choose which flow you need to use. If you still want to use the client credentials flow, you can take the following steps to give it permissions:

You need to assign a role to your service principal via Azure RBAC. Go to Azure portal > Select one specific subscription > Access control (IAM) > Add > choose your service principal > select Contributor role > Save

You can take the same steps to assign a role to your SP from other subscriptions.

After doing this, you will have enough permissions to use the REST API via the client credentials flow.

About list subscriptions from other tenants:

I didn't test this because I don't have multiple subscriptions. But with a multi-tenant app, it also needs the other tenant's admin consent and a role assigned to it too.

With the client credentials flow, you can still only get an access token for one tenant. So, you can only list subscriptions from one tenant at a time.

Update:


Even PowerShell actually gets subscriptions from other tenants using different tenant IDs, many times. So, you cannot use the API to achieve that directly.

I used Fiddler to capture the traffic with PowerShell running Get-azureRMsubscriptions:


Hope this helps!
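
The per-tenant pattern the answer describes (one client-credentials token per tenant, then one subscriptions call with that token), as an added example that is not part of the original answer. It assumes the Azure AD v1 token endpoint; the injectable `http` transport and the function names are hypothetical, and tenant IDs, client ID and secret are supplied by the caller.

```python
import json
import urllib.parse
import urllib.request

ARM = "https://management.azure.com/"
API_VERSION = "2016-06-01"  # api-version used in the question


def _http(url, data=None, headers=None):
    """Default transport (assumption): POST if data is given, else GET; returns JSON."""
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_token(tenant_id, client_id, client_secret, http=_http):
    """Client credentials grant: the returned token is valid for one tenant only."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": ARM,
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    return http(url, data=body)["access_token"]


def list_subscriptions(tenant_ids, client_id, client_secret, http=_http):
    """Return {tenant_id: [subscription, ...]} using one token and one query per tenant."""
    result = {}
    for tenant_id in tenant_ids:
        token = get_token(tenant_id, client_id, client_secret, http)
        url = f"{ARM}subscriptions?api-version={API_VERSION}"
        subs = []
        while url:  # follow nextLink paging
            if not url.startswith(ARM):
                raise ValueError("refusing to send bearer token to " + url)
            page = http(url, headers={"Authorization": f"Bearer {token}"})
            subs.extend(page.get("value", []))
            url = page.get("nextLink")
        # An empty list is the {"value": []} case from the question: the service
        # principal holds no RBAC role on any subscription in this tenant.
        result[tenant_id] = subs
    return result
```

Listing subscriptions only needs read access, so the Reader role is sufficient for this call if the service principal does nothing else.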