username2 To elaborate slightly on my previous reply, which was extremely short and without an explanation:
The FIDO specification mandates that a FIDO Authenticator (in your case, a security key) cannot be used as a user identifier within a Relying Party (in this case, Google). You can find a comprehensible summary of FIDO privacy principles here, written by the FIDO Alliance: https://fidoalliance.org/fido-authentication-2/privacy-principles/
To quote from the relevant part of the article (my emphasis):
FIDO technical specifications state that a FIDO device must not have a global identifier visible across websites,
which prevents unwanted and unexpected re-identification of a FIDO user. A user must not be identifiable by
one entity because of a relationship with another Relying Party. Additionally, a FIDO Authenticator does not
have a global identifier within a particular Relying Party.
From reading write-ups on FIDO2 by the FIDO Alliance, and academic papers on FIDO2, I gather that the Alliance considers this essential in order to allievate user concerns about tracking – which is a concern that frequently gets raised by participants in academic qualitative research on the usability of FIDO. In order to increase adoption, it is vital that users feel confident that the Relying Party cannot track their usage and location simply from authenticating with FIDO. To again quote from the paper:
At registration time, the Relying Party must disclose the information collected from the user. If any additional
information is collected at user verification or transaction confirmation time, the collection must be disclosed
to the user as well