
> passkeys are way more secure and are easier to use than both passwords and all current 2-factor authentication methods

Perhaps I'm naive, but how are passkeys "way more secure" than "all current 2-factor authentication methods"? Don't many security keys (e.g. Yubikey) also require that you are in possession of the physical yubikey? I'm using that as a 2-factor authentication method. Why is a passkey more secure?

Update: Ah, reading closer it seems that they mean to exclude this yubikey example from "all current 2-factor authentication methods"?



Yubikey is included - as a passkey.

They are more secure because they are different per-site and are public-key-based rather than secret-based, so they can't be captured and replayed later, a website compromise doesn't lead to further compromises, and they are phishing-resistant (e.g. paypa1.com can't request PayPal.com credentials).

Passkeys are meant to refer to primary-factor authentication, as opposed to using something like a yubikey as a replacement for SMS OTP or TOTP. The ability to discover available first-factor options for a web domain was something new in FIDO2 over the older U2F-based keys - I'd expect any security key sold in the last three years to have at least limited support for discoverable credentials.

By default when someone talks about passkeys they mean multi-device, where you back them up (most likely to the cloud) and can sync/restore them to other devices. But modern Yubikeys (and current Windows Hello) support single-device passkeys.

Or to put it a different way - passkeys are meant to be a concept for something equivalent but better than passwords, not a proper spec in themselves. Hence the lowercase 'p'.


One question: will the signature generated on a brand new device still conform to the requirements, if I end up losing all my devices? What if I'm signing in on a random public device?


By the latest definition, Security Keys also store passkeys.


I think it protects against someone getting the 2fa code. Passkey talks to the website directly.
