by itsronenh 1565 days ago
Do package names have to match API routes? Can I create a policy that is shared by multiple endpoints?

Technically names do not have to match, but it certainly makes it easier if you have a pattern to rely on when injecting authorization into a middleware layer.
By convention, we generate a package for every API definition in the OpenAPI spec. But the calling application can decide which package to use when authorizing an operation, so you can use a single policy for multiple endpoints.
So this is basically a tool for generating and testing Rego policies from an OpenAPI spec. Very cool!
Endpoint-wise, you can have N.
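An added example, not code from the thread or from the tool under discussion: a resolver that an authorization middleware could use to pick a policy package per operation, with a default derived from the route and explicit overrides that point several endpoints at one shared package. The naming scheme, the `example` root, and every class and function name are assumptions made for illustration.

```python
import re

def default_package(root, method, route):
    """Derive a package name from an operation.

    Hypothetical convention (an assumption, not the tool's documented one):
    <root>.<METHOD>.<path segments>, with {param} written as __param.
    """
    segments = []
    for seg in filter(None, route.split("/")):
        param = re.fullmatch(r"\{(\w+)\}", seg)
        if param:
            segments.append("__" + param.group(1))
        elif re.fullmatch(r"\w+", seg):
            segments.append(seg)
        else:
            raise ValueError(f"unsupported path segment: {seg!r}")
    return ".".join([root, method.upper(), *segments])

class PolicyResolver:
    """Maps (method, route template) to the package the middleware queries."""

    def __init__(self, root, operations, shared=None):
        # One package per operation by default.
        self.table = {(m.upper(), r): default_package(root, m, r)
                      for m, r in operations}
        # Overrides let several operations share a single policy package.
        for (m, r), package in (shared or {}).items():
            key = (m.upper(), r)
            if key not in self.table:
                raise KeyError(f"override for unknown operation: {key}")
            self.table[key] = package

    def resolve(self, method, route):
        # Unknown operations map to None; the caller must treat that as deny.
        return self.table.get((method.upper(), route))

# Constructed sample operations, standing in for an OpenAPI spec.
OPERATIONS = [("GET", "/api/users"), ("GET", "/api/users/{id}"),
              ("PUT", "/api/users/{id}"), ("DELETE", "/api/users/{id}")]
# Both write operations are authorized by one shared package.
SHARED = {("PUT", "/api/users/{id}"): "example.shared.user_write",
          ("DELETE", "/api/users/{id}"): "example.shared.user_write"}

resolver = PolicyResolver("example", OPERATIONS, SHARED)
```
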