It should be possible to state multiple whitelist entries for the same package. Support [[...]] TOML syntax in whitelists.

What about switching from our custom parser to something like https://pypi.org/project/tomlkit/? That would give us [[...]] support 'for free'.