I'm a little surprised by the answers in "Cryptographic Right Answers". Both libsodium and Chacha20-Poly1305 are not FIPS-compliant. "AES-GCM" is but it has important gotchas in regards to the IV and per key data volume. "AES-GCM-SIV" is more resilient but "AES-GCM-SIV" isn't FIPS compliant either but there is a proposal underway to certify it. So the cryptographic right answer is "it depends". FIPS compliance may not matter to some people but it does a lot to others depending on the context.
I think the safe answer is AES-GCM using envelope encryption?
If you use libsodium, its very hard to screw up your encryption. If you use AES-GCM, it sounds at least like you can screw it up. Surely you'd want to use the first one?
Totally agree with you on this but I think in some settings FIPS-compliance is a requirement -- especially anything to do with the Federal government. The obvious fix is for FIPS to catch up but until then the three choices the document listed aren't great. The first two don't meet the requirements and the last choice, as you've pointed out, can be a bit of a foot gun. I wonder if AES-CBC-HMAC (i.e. Fernet) should be listed as a choice for FIPS? Like keep the original 3 and then have a sub-heading: FIPS-compliant: AES-CBC-HMAC or AES-CTR-HMAC like it did originally.
That list is geared towards developers who don't have a strong background in cryptography and helping them choose a secure algorithm that is easy to implement. Because if you get it wrong, more vulnerabilities will be introduced.
Working around janky compliance standards is a whole separate topic.
I think the safe answer is AES-GCM using envelope encryption?