When the ssh daemon starts up, it reads the config file for the interfaces it should bind to (listen on) and the port number(s). The default interface is "all" and the default port number is 22.
The number was applied for and assigned as a well-known port number. On many systems, there is a file /etc/services or similar which lists port numbers and human readable names which can be used as substitutes.
If the port number is under 1024, traditional systems require root privilege. This is an anti-impersonation feature, so that these low port numbers are answered by the system's official daemons rather than any user who happened to claim it first.
Many administrators choose to run ssh on a port other than 22 because it is a target for scanning that can produce lots of log traffic. Changing the port number is not a significant security measure, but it can reduce the log traffic.
The port number that a daemon is listening to is the port number that must be specified by a client trying to communicate with it. Port forwarding is a duplication arranged by another daemon, so that a client can talk to a specific port (say, 22) but the underlying daemon can be listening on some other port (generally above 1024). That concentrates the root privilege to the duplicating daemon and may mean that the underlying daemon does not need root privilege.