PEP 694: Updates

[warsaw]

Based on discussions rooted here in DPO and other places, this is a major update to PEP 694, Upload 2.0 API for Python Package Repositories.

Changes include:

• Formatting and phrasing
• Added myself as a co-author (though I don't want to step on @dstufft 's toes so I'm happy to revert this)
• Proposed the root URL for PyPI to be https://upload.pypi.org/2.0 although we may want a provisional root URL while the implementation is still in its experimental phase.
• Added an nonce string to the session creation request JSON, which allows clients to decide whether staged previews are easily guessable or not.
• In the session creation response JSON, rename the draft subkey of the urls key to stage.
• In the session creation response JSON, add status and cancel subkeys to the urls key.
• Describe the expected behavior when this API is used for the first upload of a project.
• Fix the chunked upload header examples, and provide examples for both the first and second chunk upload.
• Describe how to replace a partially or fully uploaded file in a staged release before the stage is published.
• Describe that it is an error to publish a stage that has no files uploaded to it.
• Elaborate on how the session token is calculated from the hash of the project name, version, and optional nonce.
• Elaborate on how staged previews can work; make this optional for indexes to support.