Ok, weird… the old and new tokens I was experiencing the above problem with were generated by the “Twitch Chat OAuth Password Generator” linked from the IRC protocol doc page. It worked well enough, as the only scope I needed was logging into chat.
I just generated a new auth token with my bot’s client ID, and I see what I would have expected to see all along… 119/120 in the returned rate limit headers. It makes me wonder what that 3rd party auth token generator is doing behind my back.