Look for PyPI tokens in keyring when uploading

[takluyver]

The username for keyring should look like pypi_token:project:<project_name> (using the normalised name), or pypi_token:user:<username>. If neither are found, it falls back to looking for a password (but if you have 2FA enabled on PyPI, uploads have to use tokens now).

I'd like to make some more tooling for conveniently creating tokens, but there isn't a PyPI API for it yet.

While I'm looking at this code, I've also simplified things a bit so that FLIT_USERNAME and FLIT_PASSWORD environment variables override details in .pypirc even if you use --repository, and it figures out the repository details before building the packages.

[takluyver]

I'm going to try this branch the next time I have a package to upload, before I merge it.

[Carreau]

I should try that as well next time to make sure it works on MacOS

[Carreau]

Do you want to update that naming to is_legacy?

[takluyver]

is_pypi might be a better name now - it's distinguishing PyPI (the new site, aka Warehouse) from other servers like devpi, and originally from PyPI classic.

It's only used for the 'Package is at' log message, so it's not too important that it's always right.

[takluyver]

I forgot about this for a long while, and then for a while longer I didn't upload any packages through Flit. Now I just have again, and putting a token in my keyring with username pypi_token:project:pep517 worked. :-)