I have several security keys from Yubico (not series 5) and Thetis.
Bitwarden FIDO2 Webauthn works with all.
Bitwarden YubiKey OTP security key doesn’t work with any of them.
A finance web site I use works with all.
Google works with the Yubico keys but not the Thetis.
Can someone describe the different versions of security keys there are? Are they changing over time? Do different manufacturers use different specs?
What matters is not the key, but the protocols supported by each key. I suspect that your Thetis keys only support the old U2F protocol but not FIDO2.
Right. Is there a list somewhere of the protocols and which keys support them?
Let’s say I want to buy another key as backup, and I don’t want to spend $50 for a Yubico Series 5, how do I know which protocols a different key supports? Plus I want to know which protocols are used by different sites.
The vendor of the hardware key should provide this information. I don’t know if there are any third-party databases that have compiled such information for different key models from different vendors.
Probably the closest thing available for this is the 2FA directory — in the search box, type 2fa:u2f. Unfortunately, this site doesn’t appear to distinguish between U2F and FIDO2.
Should, but doesn’t. My Thetis key does not work with Google, for example, but there’s not way to know that it wouldn’t before purchasing and trying it.
No way to know whether this key, for example, would work with Google.
I’ve been emailing with Thetis, asking why their key doesn’t work with Google, and they’re like “Try it in a different USB port.” 
That may be a good indicator that this is not a vendor to trust with your security…
The information in the link literally says:
Idem Key can be used with all FIDO-enabled services, such as Google, Facebook, Dropbox, Microsoft account, Salesforce, GitHub, Twitter, Binance, Bank of America and many more.
It also says that it supports both U2F and FIDO2.