I'm a little surprised by the answers in "Cryptographic Right Answers". Both libsodium and Chacha20-Poly1305 are not FIPS-compliant. "AES-GCM" is but it has important gotchas in regards to the IV and per key data volume. "AES-GCM-SIV" is more resilient but "AES-GCM-SIV" isn't FIPS compliant either but there is a proposal underway to certify it. So the cryptographic right answer is "it depends". FIPS compliance may not matter to some people but it does a lot to others depending on the context.

I think the safe answer is AES-GCM using envelope encryption?