I always thought passkeys were a workflow for applications that aren't web applications. WebAuthn only works in a browser, while passkeys work in "other" types of applications.

The fact that the private key is stored on iCloud is mostly irrelevant for understanding how it works; that's a client device implementation detail. There are software-only authenticators that work with WebAuthn just fine and allow you to back them up.

WebAuthn can very much be used in a desktop application; you're just losing the phishing resistance factor, as the application can choose what to send as identifier, which includes collecting tokens for other tools/websites.

Well, you can use WebAuthn in a desktop application by opening a browser. I'm annoyed to do it every time I have authenticated with Bitwarden.

You can also use it natively in non-browser applications.

Just the other day I used it in a CLI application (which authenticated against the web, but without a real browser): https://github.com/Yubico/python-fido2
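An added example, not part of the thread and not code from python-fido2: a relying-party-side sketch of the origin and RP ID checks on an assertion, to show which fields the point above about a desktop application choosing the identifier refers to. The function names, `example.com` values and sample data are constructed for illustration, and signature verification is left out.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json, auth_data, *, rp_id, allowed_origins, challenge):
    """Return the names of failed checks; an empty list means all passed."""
    problems = []
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        problems.append("type")
    if cd.get("challenge") != b64url(challenge):
        problems.append("challenge")
    # A browser fills in the origin itself. A native client writes this
    # field on its own, so the check only covers what the client claims.
    if cd.get("origin") not in allowed_origins:
        problems.append("origin")
    # authenticatorData layout: SHA-256(rpId) (32) | flags (1) | counter (4)
    if len(auth_data) < 37:
        return problems + ["authData length"]
    # The authenticator hashes the RP ID handed to it by the client.
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash")
    if not auth_data[32] & 0x01:  # bit 0 = user present
        problems.append("user presence")
    return problems

def sample(origin, rp_id, challenge, flags=0x01):
    """Constructed clientDataJSON and authenticatorData (no real device)."""
    cd = json.dumps({"type": "webauthn.get",
                     "challenge": b64url(challenge),
                     "origin": origin}).encode()
    ad = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + bytes(4)
    return cd, ad

CHALLENGE = b"constructed-challenge-0001"
EXPECTED = dict(rp_id="example.com",
                allowed_origins={"https://example.com"},
                challenge=CHALLENGE)

if __name__ == "__main__":
    print(check_binding(*sample("https://example.com", "example.com", CHALLENGE), **EXPECTED))
    print(check_binding(*sample("https://example.net", "example.net", CHALLENGE), **EXPECTED))
```

Both checked values reach the server through the client, which is why the server-side check only carries phishing resistance when a trusted client such as a browser fills them in.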