I was honestly surprised to see all this gpg setup, yet no mention of application-specific passwords. I've been using email clients with what google now calls an "App password" for years.
"application-specific passwords" are not actually restricted to a single application. You can restrict the scope (only has access to your emails, for example), but any application could use this password to access your emails.