This is what I used to do with my yubikey5:
As I don’t use the yubico otp feature I programmed slot 1 to emit a static password (randomly generated with ykman otp static -g 1 -l 38 -k MODHEX) that has 190 bits of entropy.
I use that static password as the unlock PIN. And with its strength It’s relatively safe to uncheck the require master password on device restart option.
The main risk with a static password emited by a security key is that it’s very easy to leak it by accidentaly typing it where you shouldn’t. In that case I simply generate another one and change the unlock PIN to the new one.
Nowadays, that login with passkey is a thing in the browser extension, I don’t need to uncheck the require master password on device restart option and I just set a weak pin that I type manually to unlock.