Custom ROM's for Android phones had this feature. You get to choose whether to allow once, allow all, deny once or deny all. I haven't used a custom ROM in a long time though so I don't know if they still have it.
"Allow once" is different from "Allow just this one picture". With "Allow once", they can still scrape all your pictures, they just have to do it in one go.
Custom ROMs unfortunately can't really do much to implement the latter, they'd have to break compatibility with the whole Android ecosystem, which Google knowingly built this way.
I mean, Android technically supports it, if the app developer wants to. Then they can send off an "Intent", asking the OS to ask the user to select e.g. one or multiple .jpg and .png files, and then the OS hands those files back to the app.
The problem is that not many users understand the implications of just granting permission, so developers don't really need to care.
And this dialog that Android opens is roundabout the shittiest, least usable piece of software I've seen in a long while, so for an developer it actually can pay off to ask for full permission and then build your own file selector even if you have no malicious intentions.
Others here have mentioned that iOS also supports basically this the same way as Android, though presumably they have not quite managed to make their file picker quite as shitty.
And then, well, browsers have worked like this since forever. So, presumably Firefox OS works/-ed like this, too.
