When the cert is added to the Local Machine store, by default no one has an access to its private key (except SYSTEM and Administrator). Temporary "LogonSessionId_0_some-random-number" represents a current user who performs import to allow operation to be completed. Later this temporary user can be deleted or replaced by actual user if this user still need to have an access to the private key.

For some reason it happens even if current user is Administrator, so already has an access. My guess, developers of this feature just skipped validation who current user is, and just always do it.