I think y’all are talking about different things. Some sites (like google) have direct yubikey support where you plug the key into the device and what you’re talking about isn’t an issue
Other sites don’t have direct support, but allow you to use any authenticator app which is what you’re talking about with using the yubico authenticator app/key combination. Plugging it into a yubico authenticator app on any device will show the codes
Unfortunately I don’t have an answer for a way to protect those other accounts. I guess the hope is that if you lose it, it can’t be tied to your accounts, just the websites themselves
This is about Apple helping build tools for policing. Not about giving over its customers data to police.