That's (anonymous) device attestation, not authentication key/credential attestation. Two completely different use cases.
One protects against spam/bots, the other protects against users getting phished/scammed into registering an attacker's credential on their account (or using an insecure credential that can later be phished/hacked, e.g. because it's not hardware-bound and easily exportable).