docs: ways to document TWINE_USERNAME ignored for pypi since 5.0

[henryiii]

Is there an existing issue for this?

• I have searched the existing issues (open and closed), and could not find an existing issue

What keywords did you use to search existing issues?

twine_username

Please describe why your using this option

Someone reported that TWINE_USERNAME wasn't working, and we spent around an hour debugging it. Finally came across

twine/twine/auth.py

Lines 34 to 39 in 94f810c

	if cast(str, self.config["repository"]).startswith(
	(utils.DEFAULT_REPOSITORY, utils.TEST_REPOSITORY)
	):
	# As of 2024-01-01, PyPI requires API tokens for uploads, meaning
	# that the username is invariant.
	return "__token__"

- I should have remembered this, but https://blog.pypi.org/posts/2024-01-01-2fa-enforced/ was too far down on the page and there's no mention of this in the twine 5.0 changelog (other than a link to #1040, which still isn't clear in the title)

I think this could be improved, a few ideas:

• Expand the details of this in the changelog entry for 5.0.0
• Check to see if a username other than __token__ is set in this PyPI/TestPyPI branch, and issue a warning about requesting a username.
• Maybe add a note in the CLI help for -u.

Anything else you'd like to mention?

Someone ran into this in #1113

[woodruffw]

Sorry for the confusion this change caused! #1040 was my doing, so I'll take responsibility for improving the behavioral change documentation here.