When you run:
$token = (Get-AzAccessToken -ResourceUrl $baseUrl).Token
this uses your currently logged-in Azure session (via Connect-AzAccount) to generate a token. That token works fine in Postman or manual PowerShell.
In the CI/CD context, there's likely no interactive login session; Get-AzAccessToken might not have a valid token context, or it generates a token that's not valid for the resource you're querying, or the service principal or managed identity being used in the pipeline lacks the required permissions to call the EvolvedSecurityTokenService, which handles the ARM tokens.
Please try using Connect-AzAccount explicitly with a service principal if you are running in a pipeline:
$securePassword = ConvertTo-SecureString $env:AZURE_CLIENT_SECRET -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($env:AZURE_CLIENT_ID, $securePassword)
Connect-AzAccount -ServicePrincipal -Credential $credential -Tenant $env:AZURE_TENANT_ID
Then retry:
$token = (Get-AzAccessToken -ResourceUrl "https://management.azure.com").Token
And please make sure that the resource group where $queryPackName exists has Contributor access.
If your pipeline uses az login, please try:
$token = az account get-access-token --resource=https://management.azure.com --query accessToken -o tsv
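
To check the second failure mode named above (a token that is not valid for the resource being queried), the token's claims can be decoded in the pipeline before the API call. This is an added example, not part of the original answer; the function names Get-JwtClaims and Test-TokenForResource and the sample token are constructed for illustration.

```powershell
# Added example: decode (not verify) an access token's payload so the pipeline
# log shows which audience and identity it was issued for. Never log the token.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: got $($parts.Count) segments." }
    # JWT segments are unpadded base64url; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length in token payload.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $json | ConvertFrom-Json
}

function Test-TokenForResource {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience
    )
    $claims  = Get-JwtClaims -Token $Token
    $aud     = [string]$claims.aud
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience      = $aud
        AudienceMatch = ($aud.TrimEnd('/') -eq $ExpectedAudience.TrimEnd('/'))
        AppId         = $claims.appid   # client id of the service principal, if present
        TenantId      = $claims.tid
        ExpiresUtc    = $expires.UtcDateTime
        Expired       = ($expires -lt [DateTimeOffset]::UtcNow)
    }
}

# Constructed sample token (placeholder ids, dummy signature), not a real credential.
$toB64Url = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$payload  = '{"aud":"https://management.azure.com","appid":"00000000-0000-0000-0000-000000000000","tid":"11111111-1111-1111-1111-111111111111","exp":4102444800}'
$sample   = (& $toB64Url '{"alg":"RS256","typ":"JWT"}'), (& $toB64Url $payload), 'sig' -join '.'

Test-TokenForResource -Token $sample -ExpectedAudience 'https://management.azure.com/'
```

The signature is not validated here, so the output is a diagnostic for the pipeline log only, not an authorization check.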