It seems to me that is the same problem as Single Sign On, and I think there simply needs to be legislation to make it not possible to monopolise markets this way (or just enforce the existing legislation on the topic).

WebAuthn/FIDO are not the issue here.