The 'RemoteAccessHostAllowGnubbyAuth' policy which is used to enable/disable the security key host extension is enabled by default:
https://cs.chromium.org/chromium/src/remoting/host/policy_watcher.cc?rcl=0&l=194

This Linux users more than Windows due to how we create the virtual session as it interferes with ssh tools the user may want to run.

I think this feature should be disabled by default since most users will not use this functionality and those that do want it will set the policy to enable it.