The simplicity of SSH's public key authentication comes with a significant privacy downside: https://www.agwa.name/blog/post/whoarethey https://words.filippo.io/whoami-updated/
This isn't such a big deal in the SSH ecosystem, but it would be a disaster on the Web where there is an enormous incentive to track users. Part of WebAuthn's complexity comes from addressing that.
The complexity is unwarranted. The only thing that needs standardizing is how to hand over public keys (SSH format works fine), and what to sign to prove identity.
Everything else about managing which public keys are for what does not need to be decided in a standard. The users can choose whatever key management solution works best for them. What those links get at is a problem of key management. A single set of keys, where you send all of them to every server all the time, is a bad strategy.
Use a different public key for every site, specify which one in your .ssh/config. Only offer keys for the site(s) they correspond to. Done. This is already best practice, but could easily be improved by simple tools to manage it. You do not also need things like attestation and restriction of backups.