I would love someone to validate these - I’m in a similar boat & mindset. Question 5 especially; I’ve started playing around with SSH Keys in Yubikey as well, but Apex Flex is interesting - as long as the couple threads I saw regarding ECC keypairs were actually user-issues and not application/device limitations.
Edit: Also, while my understanding re: question 7/8 is that it requires android, and Fidesmo - it looks like a lot of their tooling is released open source, but not the app required for writing?