It’s part of the way key-based authentication works in SSH. If you generate your own SSH keys the permissions are set correctly.
The problem largely occurs when you are trying to use someone else’s keys (such as ones extracted from a victim server).
Generally speaking, the ssh client on your machine will refuse an id_rsa unless it is at least set to 600 (rw- — — ). I think it will work if it is set to 400 (r-- — —) but if it cant read the file it isn’t going to work either.
The permissions are set to reduce the risk from an untrusted party (group/world) being able to read or write to the file.