You might want to check out https://solokeys.com/ then. They're pretty new (shipping for about a year) but they do full FOSS firmware & software as well as most hardware being FOSS as well.

I have a couple of these and they work well. Unfortunately it seems like most sites that I use (with a few notable exceptions) don't bother to support hardware tokens for 2FA, I suspect because of the ubiquity of phone-based methods.

If you want something now and don't mind a virtual FIDO device, you could try out my solution Bulwark Passkey (https://bulwark.id). It's open source and allows you to export your credentials, so it's pretty user-freedom friendly.