I found a way to make the Nitrokey FIDO work on chromium (installed from snap).
I patched the /etc/udev/rules.d/70-snap.chromium.rules file and added the following at the bottom:
# u2f-devices
# Nitrokey FIDO 2
SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b1", TAG+="snap_chromium_chromium"
TAG=="snap_chromium_chromium", RUN+="/usr/lib/snapd/snap-device-helper $env{ACTION} snap_chromium_chromium $devpath $major:$minor"
After that I entered this:
$ sudo udevadm control --reload-rules && udevadm trigger
This is supposed to add an exception to the snap.chromium.chromium apparmor profile
Please let me know if you can reproduce the fix. Unplug/replug might be required, and the U2F permission granted.
If it works, we can also add the other devices to the rules file, and ship it by default.
Main reference here.