In case one device is lost I wouldn't lose access to the web-interface. I just can revoke access with the first device and use the second (backup) one.
The only use case from security view I can see for multiple tokens is when u2f tokens are
mandatory, but at this moment I don't see an option to set that. So it's a users choice or an account specific preconfig by an admin.
If I understand right, the root account on a node can always delete a u2f token for another user account.
If you would like to have as much self support for VM users without intervention of an administrator of the root account (or another account with sufficient permissions) then multiple tokens would be handy, because a user without those permissions would have to ask for help when the u2f hardware key got lost or damaged.
When looking at other platforms allowing multiple u2f tokens, such as gitlab or gitea, users are presented recovery or scratch codes, whitch Proxmox doesn't have. So fallback on Proxmox seems to be to use the root account to correct the u2f token, and fallback is important.