OK so for those just reading on the sidelines and wanting a quick way to construct a PyPI token for publishing several packages, here it is:
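```python
import pypitoken

# Load the existing account-scoped token
token = pypitoken.Token.load("pypi-YourAccountScopedTokenHere")
# Add a restriction so the derived token only works for these projects
token.restrict(project_names=["project1", "project2"])
print(token.dump())  # => pypi-NewTokenRestrictedToThoseProjects
```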
Just like @dstufft said, it was quite easy (after I remembered to re-read his post and not try to do it myself with pymacaroons…).
I wish pypitoken had a CLI so it could be installed and used with `pipx install pypitoken`, but I’m way too exhausted to do this myself.
(Is there a way to pin this reply to the start of the thread somehow? Maybe a bored mod could do it…)