For the record, I used a combination of a similar issue in the mailing list and a combination of what @Valentin suggested.

In the end, this is what works for me:

if ($request_uri ~* upload$) {
rewrite ^/(.*)$ /upload/$1 last;
}

location ~ /upload/(.*)$ {
internal;
client_max_body_size 200M;
fastcgi_param PHP_VALUE ....;
fastcgi_pass php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
include fastcgi_params;
fastcgi_param QUERY_STRING /$1;
fastcgi_param DOCUMENT_URI /index.php;
fastcgi_param SCRIPT_FILENAME /index.php;
}

All the rest I didn't have to change with the exception of adding an extra clause to the location \.php$ block to restore PHP_VALUE to default settings.

I understand around-abouts why IF is evil but if it's supposed to be safe for rewrites and return then I'd rather take advantage of that instead of using location / with try files so that I can deal with query strings attachments easier and it ends up shorter to implement.

@Valentin's solution would have meant I had to maintain 3 different fastcgi_pass php location blocks as one would also be required for location ~ upload$ {.

Thanks for all the hints and tips.