Disclaimer: I don’t know myself. That being said, searching about systemd-cryotenroll in the forum lead me to this post, that seems to suggest that performing the initial LUKS unlocking using FIDO2 during startup is not yet possible as of R4.1. Again, I may be reading that wrong, and that information might be incorrect, but I think you’ll find some information on the forum starting from there.