Goal: enable passwordless authentication for our logins as well privilege escalations (sudo). Alternatively, you can swap out the "sufficient" in the PAM-file edits to "required" to require your Yubikey on top of your password.
⚠️ Messing around in PAM files is hazardous, especially when going the "require" route: Be sure, to not lock yourself out (keep a failsafe terminal at the ready and use 2 yubikeys if you want to require the usage of a Yubikey)!
Note: this should also work with other WebAuthn capable devices, but I haven't been able to test this