Agreed. No sense to spend the time reinventing the wheel. PGP encryption has been around for over two decades and is the proven and robust scheme. When applied to SEED phrases, it renders them indistinguishable from any other encrypted messages, which is ideal for masking purposes. I can't think of more effective or widely trusted method for this use case.
BTW, relevant private PGP key can be securely cloned onto multiple hardware dongles.
PGP/GPG is a great alternative for encrypting not only seed phrases, but any type of content; I use it myself from time to time.
The BIP39 passphrase cannot be a replacement for encryption and even though it adds an extra layer of protection but it is not meant for encryption. It is suitable to get that "decoy" which is why I suggested it based on what OP said about the objective.
But OP's method (if I understood the code correctly) is actually encrypting the mnemonic since under the hood it is using AES to encrypt the entropy. Although looking at the code again, I'd drop PBKDF2 and use scrypt instead (like BIP38 does) since scrypt is strong by design and there is no need to use such high iterations as 60 million.
Also I should point out the checksum for Electrum mnemonics (unlike BIP39) is not in the last word to keep it when you want the result to remain valid, it is the entire seed that is hashed to get that checksum. This is why the Electrum's actual entropy size is 132 bits not 128 for 12 words. So OP's idea won't work for Electrum mnemonics unless a brute force tactic is added but even that will have a flaw. If interested, I can explain more.
One of the applicable examples, with a decoy seed encrypted by seed-otp, seed-xor or the method developed by the OP, even if someone discovers the secret of the decoy seed (which is quite unlikely, unless the user was careless at some stage, such as leaving traces of a second multifactorial factor, such as an OTP-key or any method-dependent keys),
if the funds are in a hidden wallet accessible only by BIP39 passphrases, he will have to rework the secret again, which will depend solely and exclusively on the strength of the passphrase, which depending on the passphrase used, becomes impossible, but to do so, he would still have to break the xor encryption of the decoy seed.
This is just one use case I can imagine in a scenario where the user is using multifactorial backup as a decoy seed. Which is n't popular nowadays (and this is actually good, as it reduces the attack surface both physically and online), however, since the support and knowledge of the method is less, the user will have to bear the responsibility of keeping the method documented to follow in an eventual recovery, as there's not enough widespread knowledge because it isn't as standardized as PGP, BIP39, etc.