
The big improvements here are in more support for FIDO2, but the config file env var interpretation smarts are very welcome.


The ability to require UV is nice.

A FIDO2 authenticator doesn't really "understand" most of what it signs; it's basically handed a blob by the big smart computer and signs that blob, which allows your web browser to add new features to WebAuthn without you having to buy a new Yubikey every week.

But the authenticator does also sign a small pile of bit flags with a meaning clearly defined for the authenticator's use. One of those flags (UP: User Present) is defined to mean "I promise a human interacted with me somehow to signify presence" (e.g. "they pressed a button") and another (UV: User Verified) means "I promise I verified the key's owner authorised this signature" (e.g. "I checked their PIN" or "the fingerprint matched").

So these bit flags are very trustworthy; the smarter and thus more vulnerable host application can't change them without consent by the authenticator. If my Yubico Security Key doesn't see my correct PIN, an adversary needs to subvert the actual Security Key if they want the UV bit set; just controlling my PC or phone doesn't help them do that.

Thus, this feature in OpenSSH will let justifiably paranoid administrators decide it's OK to use this FIDO2 key to log into this production server, but only if the key promises that it checked its legitimate owner authorised this.
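To make the flags byte concrete, here is an added example (not from the comment above or from OpenSSH) that parses the fixed prefix of FIDO2 authenticator data and applies a relying-party policy like the one described: accept an assertion only when the authenticator itself set UV. The relying-party id, counters and flag values are constructed sample data; no real key is involved.

```python
import hashlib
import struct
from dataclasses import dataclass

# Bits of the authenticator-data "flags" byte, set only by the authenticator.
FLAG_UP = 0x01  # User Present: a human touched or otherwise interacted with the key
FLAG_UV = 0x04  # User Verified: the key itself checked a PIN or biometric
FLAG_AT = 0x40  # Attested credential data follows (registration only)
FLAG_ED = 0x80  # Extension data follows


@dataclass
class AuthData:
    rp_id_hash: bytes   # SHA-256 of the relying-party id the key signed for
    flags: int
    sign_count: int     # monotonic counter, useful for clone detection

    @property
    def user_present(self) -> bool:
        return bool(self.flags & FLAG_UP)

    @property
    def user_verified(self) -> bool:
        return bool(self.flags & FLAG_UV)


def parse_auth_data(data: bytes) -> AuthData:
    """Parse the 37-byte fixed prefix: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(data) < 37:
        raise ValueError("authenticator data too short")
    (sign_count,) = struct.unpack(">I", data[33:37])
    return AuthData(data[:32], data[32], sign_count)


def accept_assertion(auth_data: bytes, rp_id: str, require_uv: bool) -> bool:
    """Relying-party policy over the authenticator-signed flags (signature check omitted)."""
    ad = parse_auth_data(auth_data)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False  # assertion was produced for a different relying party
    if not ad.user_present:
        return False  # UP is required for every assertion
    if require_uv and not ad.user_verified:
        return False  # policy demands PIN/biometric, but the key did not verify
    return True


def make_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Build constructed sample authenticator data for testing the policy."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)
```

Feeding `make_auth_data("ssh:", FLAG_UP, 7)` to `accept_assertion(..., "ssh:", require_uv=True)` is rejected, while the same data with `FLAG_UP | FLAG_UV` is accepted.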



