I've had the idea for years, and can now complete it thanks to tremendous help from WanderingPhilospher in finding vanity addresses.

BIP38 encryption
Ever since I read "I'm BIP38 curious, please help me out!", I've been impressed by BIP38 encryption. That topic showed that $1000 wasn't enough to crack password "zLwMiR" in 2 years, even after several hints. It's just too expensive in terms of computing power to brute-force even such a simple password.

Encrypting seed words
Ever since I used my first seed word phrase, I've felt uncomfortable with the balance between keeping the seed secure, and making sure I don't lose access myself. It always feels like a compromise.
So, how about combining those two?

BIP38 meets BIP39
Here's the idea: BIP39 uses 2048 words. In loyce.club/other/keys.txt (which can be copied onto your air-gapped computer), you'll find an uncompressed Legacy Bitcoin address for each of the BIP39 words. Each Bitcoin address starts with a word, separated from the rest of the address by a number.
Example:
abandon:
1AbANDon25kw25M4ioLdPfLxZ1FCwzF8DY 5JDY3hzX2GnBbbExHaXjnbsjoPeFBQko9WxtaTGMi2GhYRBjtsb
If you encrypt this private key, you're encrypting the word "abandon".

Why?
I like using basic tools that have been around for a very long time. Both BIP38 and BIP39 are quite intuitive, both can easily be handled on an air-gapped computer that will never go online again, both are supported by multiple wallets, and both can easily be verified from scratch before funding any of the addresses it creates. This is a lot of work, but I don't mind as this gives me long-term peace of mind and I don't have to do this often. I don't mind that it takes me a few hours to do this properly.

Example
Ian Coleman's site gave me this mnemonic:
before project cheese slice spin unaware cupboard sail job wine neck switch
That gives the following words from my list:
1. before: 1before1qvdDNyAv5c6SE9Wxo1mvYNCnt 5KDetmpXg2o8yKJ346wXeUMHQ8TkYP4mCQhNfQHdv7gyFydT6AV
2. project: 1ProJECT1WAW56GDMEGB86oUdxxubip3rA 5K43d9P5znTNvaq1KcUDiDyXBa8XZz5fE1fHSN38aA3KmARxyzj
3. cheese: 1cheese2ioSZaPu2NKmsGDwwbuAJuXs39 5JaokRJPCeohcXZSpMkXNhqcmdMy2BGQKakaV9N8AjKHZyWrqbf
4. slice: 1sLice155tu2NPm5JJCdymeDpRJ2yX7EA 5JNeo3CGzUKKJmTaBXcrJFWLBFDrZU8BXH4FqtKR4mSyzErgTpm
5. spin: 1spin12DRzTjbHHAnzDkKXqyUAtQSnfTX 5JPstBYY2B7ftPFdtXvevFaTV7wsncYprmYUSkTRvABeZGd8yDV
6. unaware: 1unawaRe2FpQDpas21ohbj82TzQmzxHbF 5KKfkhsuPHgMwAAvpMdU1VC5tLyHsyYfU5YpkZ1SMELV2gxsZgg
7. cupboard: 1CuPBoArd8xGjvMeRT9nm2iUzuEUwn8aam 5KhgsXPt8NzR4nYLYd3TFLd5zPms1PcPf2RhNDnGCQbaSM44GKJ
8. sail: 1saiL116KGiQ5kNhZEFJ2RbrBKWV88nkR 5KYNS52oGMg7u3u8puKLyzLjEJD2jcYTbfxCEp6hNBvYK9AbA1G
9. job: 1job112QVAsJKD4dYP9qtdK5DhUxmgzdi 5KBZyvXfAZSNsJQMRcgtW6iBXasZ5Gq5ubLYWsJcHE5LfF9bxxK
10. wine: 1wine11qzih8Xr1VV2sHTQyswiV8XMfk5 5KWss4Ug2nxWZQMykJSVVyFoKGLA5RYXCXgXRtUNEG9ADoJL39b
11. neck: 1neck13UY3AvVqtXTtf6P1pgGJMEkbmbH 5K4ruwwqbFQRMcUFJdLH89m4dGBC8d3K7uDU5iHHQNATUdPhJ12
12. switch: 1switch1RTJJcqv87RtbQf7gdEBf126rA 5HqmuHdJ6yKyx5cH6HF7ox44K9wpALGZerAfGZbQKDaQhCWsrGm
For this proof of concept, I'll use "LoyceV" as (very weak) password:
1. 6PRQduYHf1fXycTTesCduex5usaUisZS4FJmyDeoXkpAcPHpxUmMCSRnmm
2. 6PRQAmpv9nUVpJiRwrnwETPwYQkY6BDa3KizvJ2dcmhsH38niXPwoV8ViW
3. 6PRQUgLQeBWxkPeP9rAvvdnzMHmTzmynxbNPiJVtdA4gm3bse9asEpH5DF
4. 6PRQafe1PJ7BafAgygGgKoMbysFrEhwFk7zh5RypMxsk4gTmNDcUo3KRz7
5. 6PRReFAEdcq3NwLjTWPAHQ3va7MFXpNKxsdtn1KPrkxFq1VeChKw8LzWR4
6. 6PRPNeeWZSUyc9q1V7J72ypxVT5rsRiAfV6Ls2Vuq6scm87NyVaqgkZ52W
7. 6PRSKtsXFuE4aTnZpmZVJPpxw5eWvZKMbEUoCSBKtoZMus2GVvTgkwBJZ9
8. 6PRVnqFocoHiFrE4xjDxdfXjeYq7DwbGrtpyJ4iuWg2BtjY4GFvY54UgGa
9. 6PRKGSWPYnVkrJckTHsfzoWg8ucTmyVnLihF6SnVrdovvMaiFnjJgemLWc
10. 6PRR7dstzrLvAATLKTdcNeWiMDAc7FjExX5YLaWaVFw6P5DnL8soLDtKD5
11. 6PRNmmRss6wScXikeyapkkprN1yoGH7eWmMiiTm9Q5F7kXsM5b3Uf8pkG7
12. 6PRLka4Azk4z4K9mE4o8sSjjRwBcESXLznktbe3j9b2BVRgVgSyxTvWEB8
Printing the above would be my backup.

How?
Start with a proper air-gapped offline system. Any old laptop with 8 GB RAM should do. If you don't have one, you can probably find a second-hand laptop for less than the price of a decent new hardware wallet. Unplug your ethernet cable, close the curtains. If you're truly paranoid, you can physically remove all hard drives and Wireless modules.
Get a Linux LIVE DVD, use Ubuntu, Knoppix or Tails for instance. I prefer DVD over USB so I'm sure nothing gets saved. I use an external DVD drive with a Knoppix DVD with this boot-option:
knoppix64 toram
After loading with this option, the DVD drive can be removed.

Hardware
You'll also need a printer. Not wireless, but with a good old-fashioned cable. I like cheap old LaserJets. If it's too new, chances are it's not supported yet by your Linux LIVE DVD. Test it before you continue.

Software
Use a USB stick (or just burn another DVD) to copy bitaddress.org (look for the GitHub link), Ian Coleman's Mnemonic Code Converter and keys.txt to your air-gapped system. Use Tor Browser while downloading for improved privacy. I haven't tested command line software for BIP38 encryption and decryption yet. This can speed up the process, but for this post I'll stick to the basic tools.
Open "Bitaddress" in Firefox, and go to Wallet Details.
Depending on your Live Linux you may need to enable scripts to run in the browser. Enter the private key, tick "BIP38 Encrypt?", and enter the passphrase. Encryption takes a while (which is the reason we're doing this).
It's up to you if you want to use different passwords for each seed word, but it's probably safer to use just one. If you want to make it more difficult, just make it longer.
Scroll down to get the BIP38 encrypted private key (starting with 6PR).
Check if the private key produces the correct seed word. If there's a mistake in my keys-list, let me know.
Depending on which Linux DVD you used, you'll probably find LibreOffice or at least AbiWord. Use this to temporarily store the BIP38 encrypted seed words. Add numbers for your own convenience. Switch the page orientation to landscape, choose a fixed width font, and make the font large enough to fill the entire page with keys (a small font makes it difficult to distinguish the characters in for instance 8BB88B8BB8B, S55SS5S5S5 or KXXKKXKKXK).
Print it, print it again, and laminate it. Store safely.
Don't mess up when you're handling your seed phrase and creating backups for your future wealth. Make enough backups!

Check, double check
And check again! Better safe than sorry. Verify to make sure you can restore your seed phrase from your backup from scratch (so on a freshly rebooted air-gapped computer).
Take the time to TYPE all of the encrypted keys into an air-gapped computer to make sure you can restore your backup from your paper backup. Blind typing helps a lot.
While you're at it: this is a good moment to use your air-gapped system to verify you can use Ian Coleman's Converter to reproduce the same Bitcoin address as your wallet gives you. This should work, and by testing it before you need it you know for sure you can reproduce the keys if you ever need to.
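
One way to script the retyping check from this section, as an added example that is not part of the original post: it validates the Base58Check checksum of a typed line, confirms the BIP38 header bytes, and compares the key's salt field with the expected keys.txt address. The function names are illustrative, and the sample key is constructed (placeholder bytes instead of real ciphertext).

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(payload: bytes) -> str:
    raw = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text: str) -> bytes:
    # Returns the payload; raises ValueError on a bad character or checksum.
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"{ch!r} is not a Base58 character")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("checksum mismatch: retype this line")
    return raw[:-4]

def word_of(address: str) -> str:
    # keys.txt convention: "1", the word in mixed case, then a digit.
    m = re.match(r"1([A-Za-z]+)\d", address)
    if not m:
        raise ValueError("address does not follow the keys.txt pattern")
    return m.group(1).lower()

def check_backup_line(typed: str, address: str) -> str:
    # Validates one typed BIP38 string against its expected address.
    p = b58check_decode(typed.strip())
    if len(p) != 39 or p[:2] != b"\x01\x42" or p[2] & 0x20:
        raise ValueError("not an uncompressed, non-EC-multiplied BIP38 key")
    # Bytes 3..6 hold the scrypt salt, sha256d(address)[:4], stored unencrypted.
    if p[3:7] != sha256d(address.encode())[:4]:
        raise ValueError("salt does not match the expected address")
    return word_of(address)

# Constructed sample: the page's "abandon" address plus placeholder ciphertext bytes.
ADDR = "1AbANDon25kw25M4ioLdPfLxZ1FCwzF8DY"
SAMPLE = b58check_encode(b"\x01\x42\xc0" + sha256d(ADDR.encode())[:4] + bytes(32))
```

The salt comparison needs no password because BIP38 stores those four bytes unencrypted. With a public keys.txt, the same comparison tells anyone holding the printout which word a line stands for, so the password protects the private key bytes, not the word.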

Remember
DO NOT lose your password! As the BIP38 curious-topic proves, you won't be able to brute-force it (which, after all, is the reason for using encryption). It may be good to keep another backup anyway, for instance by stamping your seed phrase into metal washers. This allows you to keep backups for the same seed on different locations with different threat-levels.

Why not just extend the seed phrase with a passphrase?
"Just" a passphrase (also called 13th/25th word) doesn't add very heavy encryption in case someone finds your seed word backup. Besides, you can still add a passphrase to your BIP38 encrypted seed phrase.
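
The cost difference behind this comparison, as an added example (not from the original post): BIP39 stretches the passphrase with PBKDF2-HMAC-SHA512 at 2048 iterations, while BIP38 derives its key with scrypt (N=16384, r=8, p=8). The function names are illustrative; the mnemonic, address and password are the page's example values.

```python
import hashlib
import time

# Values taken from the page's example.
MNEMONIC = ("before project cheese slice spin unaware cupboard sail "
            "job wine neck switch")
ADDRESS = "1before1qvdDNyAv5c6SE9Wxo1mvYNCnt"

def bip39_seed(mnemonic: str, passphrase: str) -> bytes:
    # BIP39: PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" + passphrase.
    salt = ("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode("utf-8"), salt, 2048, 64)

def bip38_derived_key(password: str, address: str) -> bytes:
    # BIP38 (non-EC-multiplied): scrypt with N=16384, r=8, p=8 and a 4-byte
    # salt taken from the double SHA-256 of the address string.
    salt = hashlib.sha256(hashlib.sha256(address.encode()).digest()).digest()[:4]
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=16384, r=8, p=8,
                          maxmem=64 * 1024 * 1024, dklen=64)

def seconds_per_guess(fn, *args, repeat: int = 2) -> float:
    # Best-of-N wall-clock time for a single derivation, i.e. one password guess.
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best

def compare(password: str = "LoyceV") -> dict:
    return {
        "bip39_passphrase": seconds_per_guess(bip39_seed, MNEMONIC, password),
        "bip38_scrypt": seconds_per_guess(bip38_derived_key, password, ADDRESS),
    }

if __name__ == "__main__":
    for name, secs in compare().items():
        print(f"{name}: {secs * 1000:.1f} ms per guess")
```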

Work in progress
Let me know if I missed anything, and I'll add it to this short guide. It's probably not very fool-proof yet, but fools (people who don't understand what they're doing) shouldn't be handling private keys anyway.

No spam please.
Self-moderated against spam. Discussion and questions are welcome.

Disclaimer
I'd hope I wouldn't have to tell anyone not to fund any of the addresses in my keys-list, but I'll do it anyway: if you fund them, someone will take your money. Probably within seconds.