Unlock Proton Pass by Security key
I would like to see a security key added to the Proton Pass unlock means in the browser and desktop apps.
PIN is insecure because the phrase is short. It is also difficult to remember additional phrases.
The password is long and complicated because I have set a strong password and it is hard to type it in every time.
I have set up a security key for 2-step verification of my account. That is very useful and I would like to use it for my Proton Pass unlock as well.
-
Eddy
commented
I bought a physical security key because it adds that very specific "physical" layer of security, to stay clear of the paranoid thinking of having a potential zero-day that would annihilate all the effort I made to stay secure, for example, by rendering the password of the (by default) 10-minute automatic re-lock feature of my Proton Pass clear to some evil people, or the cookies of my session or whatever. I know there are multiple ways to counter this statement and, by extension, a lot of my other fears; good (like Guy's reply) and less good arguments would be presented, but the fact would still remain that I want to feel secure and I'm not 100%.
That feeling would effectively vanish if I took it the way I think fits me the best. And right now I think this is what I need.
This is the most important piece of software people rely on, I would love to get the most I can possibly get out of this. Also, I too feel like it really should be a basic feature but hey what do I know.
-
Alex
commented
Would be nice to have both options. It's easier to just type a PIN and there are people who would like that, which is fine. But as Natsuki indicated, it's far more secure if the app just logs out after a pre-determined period. Bitwarden does this.
-
protonvoter
commented
Please implement the FIDO2 API for Security Key auth. Works without Play services. It would be much easier to use a security key like a YubiKey, instead of typing a password. Thanks https://developer.android.com/identity/sign-in/fido2-migration
-
Guy
commented
The PIN is pretty secure because it only serves as an additional last layer. To have a Proton Pass session you already must be signed in to your Proton account, for which you can enable hardware keys and anything you like. And then additionally you use Proton Pass behind your device security, so for a phone that is hopefully a strong password and biometrics, and for a laptop hopefully the same. So the Proton account element prevents access on devices that are not yours, and then your device security prevents access to signed-in sessions... and then on top of that there is a PIN every time you open Proton Pass in a browser extension etc. Why would this also need a hardware key? If someone has got that far into your local device, well, you've got much bigger problems.
-
K2 Mate
commented
YES! This is a must have in my opinion. And to be precise we need Passkey support for Proton Pass unlock method. I do not mind.
-
Logik237
commented
I tried using Proton Pass for the first time today and I have to say that this is so obvious that I can't believe it isn't a thing from day one!
-
jamworksllc@protonmail.com
commented
Enpass uses this. A key is created and stored locally and if it exists a PIN entry would allow access. Without the key, the PIN isn't even displayed. Is this what you're thinking?