It's not about the hardware. In spite of the fact that they can nominally be broken into, most modern USB microcontrollers can easily implement being a security key.
The expense is that the security world hasn't converged on anything remotely approaching a single standard. So, a key has to support ... PGP, OpenSSH, FIDO, FIDO2, U2F ...
For example, you couldn't use some of the older YubiKeys with AWS because AWS only supported time-based TOTP.
That's a LOT of software work, and you can't be "Startup Sloppy" with your code or someone will break it.
The PGP thing is wildly different than the other applications in that it is a complete airgapped system on a key. The decryption and signing is actually done on key so the private key isn't exposed. PGP is pretty much the only thing that does this and as a result can be held up as an example of where we do in fact have a unique standard.
The expense is that the security world hasn't converged on anything remotely approaching a single standard. So, a key has to support ... PGP, OpenSSH, FIDO, FIDO2, U2F ...
For example, you couldn't use some of the older YubiKeys with AWS because AWS only supported time-based TOTP.
That's a LOT of software work, and you can't be "Startup Sloppy" with your code or someone will break it.