Solving my own problem here and posting for others’ benefit. The issue was with the environment variables I was using to store CLI login credentials. I had set the client ID and secret for different environments on both my local machine and on the CI server. But I discovered a difference. On the CI server I had also set the standard environment variables AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET and they pointed to a different tenant. Apparently what happens is that the CLI uses those credentials to get the initial access token, but then attempts to use that access token to connect to my target tenant. That connection gives a 403 Forbidden error.
The resolution was to remove the AUTH0_CLIENT_… variables. Then Auth0 used the credentials for my target tenant to get the token and then to use it.
I’ll report this as a bug in the CLI, but I was happy to find the workaround.