Doesn't mutt already "support" this? I use Fastmail with 2FA enabled.
What I do then is to generate an app-specific password which is the one
I use in the mutt configuration. There's not much to support, it's just
a different password, unless there's something I'm not getting right.

Cheers,

It should be pointed out that this is not really 2FA at all. If I
have your actual user credentials (username & password), say because I
got root access to the machine where you run Mutt and snarfed them out
of memory, this scheme does nothing to prevent me from using them
directly, completely bypassing any 2FA on LastPass. With respect to
the resource to which your credentials give access, there's no second
factor. LastPass is just acting as a proxy for your brain. The only
actual effect it has is to complicate (in a technical sense) the
retrieval of your single authentication factor from your "memory"
(i.e. LastPass' password store)--making it arguably less secure, not
more (because more potential points of failure mean a higher chance
something will break, preventing you from being able to access your
mail). All the security in the world does you no good if the
resources you're protecting are unavailable to legitimate users.

The point of 2FA is to prevent the scenario where an attacker gets your
credentials (user & password, or "the thing you know"), allowing them
to gain access. Examples of how this would be 2FA is if your IMAP
server *additionally* required a cryptographic certificate, hardware
token, sent you a text to your phone, etc.--something that only *you*
should have physical access to. Inability to access that physical
thing (your second authentication factor) still prevents access, even
though your credentials are compromised (known by someone other than
yourself). Like your scheme, this also increases complexity, but
unlike your scheme, it additionally provides a real increase in
security--making the extra complexity involved (arguably) justified.