Today, I finally got a FIDO2 ssh key working. (Next step is to make sure I can use it from more than one client machine.)
I have lost track at this point of the number of different ways I've failed to do so. I'm pretty sure "nah, I don't feel like doing this tonight after all" has beaten all others combined.
I think the funniest failure might have been the time I realized that the OpenSSH client I was using, while it did have a version number newer than when the feature was added...had support for it explicitly disabled because the dependencies weren't available for the platform yet.