username=__token__ requirement? #15140Description
Now that 2FA is mandatory, username/password pairs can no longer be used for package upload.
This affords a potential simplification in the upload endpoint's credential format: the phony __token__ username is no longer needed for disambiguation, since all "passwords" are now just API tokens of the form pypi-....
Pros: Delete a small amount of code, remove a shoehorned special value, one less configuration step/variable.
Cons: Probably needs a bunch of doc updates, user benefit is marginal (?)
CCing @miketheman for opinions 🙂