Waited 10 years? Why didn't you just use a yubikey in PIV mode, or the yubikey with gpg, or a smartcard, or…
I've been using a yubikey PIV for, hmm… at least 5 years.
BTW both PIV and GPG in Yubikeys are just applets and not particularly suited for SSH use either. Proper applet for it is this one https://github.com/philipWendland/IsoApplet, if you can install it of course.
Some get confused or have bad associations when hearing the word 'applet', but that is what they are, as in 'Java applet'.
I don't see what's so extra hoop-y about telling SSH "use key from industry standard PKCS#11". That's literally what it's there for, and when Yubico added PIV support that instantly added support to multiple operating systems (incl Linux & Windows) where SSH keys "just work".
I can take a yubikey today from my Linux system, plug it into a Windows machine, and Putty with wincrypt support "just works". Because that's how it was designed.
You're using yubikey agent or ykcs11 or yubico-piv-tool or somesuch nonsense most likely that actually provides PKCS#11. That is it wraps whatever PIV is supposed to do and gives you PKCS#11 interface. I'm talking about something that isn't Yubico specific and provides PKCS#11 and PKCS#15 with OpenSC straight ootb.