Neither sync nor keychain is mentioned in this post or in the WWDC presentation, so I'd like to ask if the credentials are synced between devices whatsoever, or if they're transferrable. While it'd be more secure to run it through a device's T2, a syncing/keychain-backed key would save a lot of the re-enrollment hassle for users who end up transferring their data to a new phone or need to enroll each of their devices for all of the web services they use.
They are no synchronized between devices. This is generally considered to be a no-no with FIDO (although Apple has not publicly announced whether they intend to be FIDO certified)
For simplified login situations (e.g. not requiring two factors for authentication) you'll probably have some kind of password or password-less (email) login flow where you can login at first and then enroll the FIDO2 device.
Otherwise there is no way to login from any other device.
An alternative is that you can authenticate a new device from an existing device along with a re-auth on that device to verify it's them. Discord has a feature similar to this with it's QR login system.
