Yubikeys do not work for .onion pages
Reported by @lavamind, the fix for this should possible by part of the 'Bug 23247: Communicating security expectations for .onion' patch, or maybe as a standalone for eventual uplift.
security.webauth.webauthn
needs to be true
for yubikeys in general to work (see #26614)