Then you’ll end up with a forum of only bots because they’ll spoof it and real people won’t put up with the hassle.

Doesn't actually work that well. Browsers hate this, the hardware isn't actually difficult for bots to access, and privacy story is bad. There are solutions being worked on.

FIDO tokens are designed to able (if authorized by the software, your web browser typically offers a pop-up where you can decline this) to prove their membership of a batch of tokens, but not their individual identity.

The Entra feature you thinking of lets somebody say "Only things which can prove they're in this list work". This could make sense if you, as their employer, issue every employee a custom DoodadCorp Doodad FIDO key and so you don't want somebody's Yubikey or off-brand generic device to work. It's stupid and you shouldn't do it in other scenarios, but your "this is how we detect humans" idea is arguably a scenario where that could make sense.

[Edited to add: This feature is called "Attestation"]

This would result in hardware farms of such devices being automatically operated, like the existing iPhone farms used for similar purposes.