That sounds perfect to me. Ideally I would like a UI where I can see what files are uploaded and their checksums and I can download them for sanity checking before signing off.
I stopped just short of enabling automated uploads for SymPy releases because I didn’t quite figure out a good way to control access for which contributors would be able to trigger the upload process from GHA. When I considered this I was worried about accidental triggers as well as malicious ones. Controlling access at PyPI rather than GHA is much simpler to audit because the number of people with PyPI access is much smaller. I would also be happier working on the release script itself if I knew that the final publish step could not possibly happen automatically (debugging a script that I definitely don’t want to fully execute makes me a bit nervous).
I agree that this should be optional but it’s definitely an option I would choose.