GrapheneOSgraham I had this problem initially but I have this setup now. This is just my workaround as I don't want my 2FA app sharing profile space with untrusted apps or sites.
Only use the Owner profile for admin tasks, like app installs and updates only.
Have a "Daily" profile for trustworthy essential apps. Install Aegis on this and copy your backup .json from Owner to this profile via the Inter Profile Sharing app.
Set this profile to "Allow running in background" so the session doesn't end when switching to your Google profile.
Then, when the Google profile prompts for 2FA, switch to the Daily profile and memorise the code. You should have 30-60 seconds to switch back to Google profile and enter the code.
Of course, if this is too tedious then just install Aegis on the Google profile. But it's just what I do when I want to dump invasive apps into a profile with as much sandboxing as possible.
Edit: Another thought is installing Aegis in the "private space" inside the Google profile. This means you can essentially make a sandbox inside the Google profile so switching isn't needed.