Establish publisher authority via automated DNS backed challenges?

I’d definitely strongly recommend having this be HTTPS only, and not reusing DNS-01 or HTTP-01 or other pre-secure-origin challenge mechanisms! Those mechanisms are great for Let’s Encrypt’s purposes, but the package index is in the fortunate position of being higher up on the stack; given that a secure origin (= HTTPS) should probably be table stakes for domain verification anyways, my suggestion would be to use the .well-known URI scheme (RFC 8615) and have a basic proof served from there.


To take a step back, this is indeed separate from Trusted Publishing, but it does dovetail closely with related efforts. TUF has already been mentioned, but it’s also pretty close to the PEP 740 attestation model (which currently assumes Trusted Publishing identities, but was designed to be extended to arbitrary identities, like emails and domains).

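A sketch of the check this reply proposes, added here as an example and not code from the thread or from the package index: it builds the HTTPS-only `.well-known` URL for a claimed domain and compares the proof served there against the token the index expects. The well-known suffix, the `fetch` callback, and the redirect policy (the final URL must still be HTTPS on the same host) are assumptions, since the post does not specify them.

```python
import hmac
from urllib.parse import urlsplit

# Hypothetical suffix: the post proposes a .well-known URI (RFC 8615)
# but names none, so this path is a placeholder.
WELL_KNOWN_PATH = "/.well-known/example-publisher-proof"


def challenge_url(domain: str) -> str:
    """Build the HTTPS-only proof URL for a bare domain name."""
    d = domain.strip().lower().rstrip(".")
    if not d or any(ch in d for ch in "/:@?#\\ "):
        raise ValueError(f"not a bare domain name: {domain!r}")
    return f"https://{d}{WELL_KNOWN_PATH}"


def verify_domain(domain: str, expected_token: str, fetch) -> bool:
    """True only if the proof served at the well-known URL matches.
    `fetch(url)` is an assumed callback returning (final_url, status, body)
    after following redirects; it is injected so this runs offline."""
    url = challenge_url(domain)
    final_url, status, body = fetch(url)
    if status != 200:
        return False
    final = urlsplit(final_url)
    # Secure origin is table stakes: a redirect off HTTPS or to another
    # host means the claimed origin did not serve the proof.
    if final.scheme != "https" or final.hostname != urlsplit(url).hostname:
        return False
    served = body.decode("utf-8", errors="replace").strip()
    return hmac.compare_digest(served, expected_token)  # constant-time


# Constructed responses standing in for live HTTPS fetches (not real hosts).
TOKEN = "publisher-proof-3f9c0b8e"  # constructed sample token
P = WELL_KNOWN_PATH
FAKE_RESPONSES = {
    f"https://example.org{P}": (f"https://example.org{P}", 200, TOKEN.encode()),
    f"https://downgrade.example{P}": (f"http://downgrade.example{P}", 200, TOKEN.encode()),
    f"https://wrong.example{P}": (f"https://wrong.example{P}", 200, b"stale-token"),
}


def fake_fetch(url: str):
    """Stand-in fetcher: unknown URLs get a 404."""
    return FAKE_RESPONSES.get(url, (url, 404, b""))
```

The `downgrade.example` case is the one that separates this from an HTTP-01 style check: a proof reachable only after a redirect off HTTPS is rejected.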