
Lowest Database user permissions

Which are the lowest permissions an Episerver DB user must have?

I have tried to find this info. Is the lowest a "db owner"?

#283620
Jul 13, 2022 12:04
As far as I remember, yes, the DB needs DB owner, as it does schema migration.

#283634
Jul 13, 2022 15:19
If you specifically allow schema changes, then, as @Scott mentioned, you have to run the application with a user who has quite high permissions on the database.

If you don't want to run with db_owner, another alternative is to run with db_datareader, db_datawriter, db_ddladmin. But that is effectively almost the same as db_owner.

What we are experimenting with (knowing the exact releases when there is a new platform libraries update) is running the application with an ordinary user (reader, writer permissions), and then, upon a schema change deployment, temporarily switching to a user with high permissions.

Another alternative would be to do schema changes from a dedicated application which is configured to access the database with a high-permission user.

But I'm not sure if all this is worth the hassle. It's better to focus on other security vulnerabilities that would prevent harm done to the system (like SQL injections, which can also be executed via a user with low permissions).

#283744
Jul 15, 2022 9:00
Scott Reed - Jul 15, 2022 9:11
Nice, a far more thorough and accurate answer than mine :-)
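
The split described in the answer above (an ordinary reader/writer user at runtime, a higher-permission user only for schema change deployments), as an added T-SQL example that is not part of the original thread. The user and login names are hypothetical, both logins are assumed to exist already, and the EXECUTE grant assumes the application calls stored procedures.

```sql
-- Added example: run inside the CMS database.
-- cms_runtime and cms_migrate are hypothetical names; both are assumed
-- to map to server logins that already exist.

-- Runtime identity: data access only, no schema changes.
CREATE USER cms_runtime FOR LOGIN cms_runtime;
ALTER ROLE db_datareader ADD MEMBER cms_runtime;
ALTER ROLE db_datawriter ADD MEMBER cms_runtime;
-- db_datareader/db_datawriter do not include EXECUTE.
-- Assumption: the application calls stored procedures in the dbo schema.
GRANT EXECUTE ON SCHEMA::dbo TO cms_runtime;

-- Migration identity: used only for a deployment that changes the schema.
-- This is the db_datareader + db_datawriter + db_ddladmin combination
-- from the answer, kept away from the day-to-day connection string.
CREATE USER cms_migrate FOR LOGIN cms_migrate;
ALTER ROLE db_datareader ADD MEMBER cms_migrate;
ALTER ROLE db_datawriter ADD MEMBER cms_migrate;
ALTER ROLE db_ddladmin ADD MEMBER cms_migrate;

-- Between deployments the migration login can be kept disabled
-- (server-level statement, needs ALTER ANY LOGIN):
--   ALTER LOGIN cms_migrate DISABLE;

-- Audit: who currently holds the roles discussed in this thread.
-- The runtime user should appear only under the two data roles.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_ddladmin',
                 N'db_datareader', N'db_datawriter')
ORDER BY r.name, m.name;
```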