On a secondary replica, the databases are read-only, so the grant script cannot create the user in the database.
Once the check script is run after the grant, it will only check if the user exits in master and tempdb databases (and it does, since the grant script created it there) and hence the test passes.
The foglight user may still not be able to read data from these read-only replicas until the users will be synchronized.
The error is encountered because the script does not filter secondary databases and they are not marked as read-only