Are there any best practices on using one of the "-sk" key types and authorizing usage with your security key, vs. storing the whole ssh key on the security key?