Passkeys (as defined in the spec) by definition don't.
Non-passkey WebAuthn keys can have additional attestations.
You don't consider WebAuthn to be passkeys? Why not?
You don't consider WebAuthn to be passkeys? Why not?