
I honestly wish sites would use client side certs or auth via a private key.


Client side certs mean now every user has a verifiable identity. Maybe you're OK with Facebook knowing your full ID, but is it also OK to tell Grindr, Redtube and Amazon?

Security Keys are better here. The security key can prove to a site that it's the same one as before. "Before what?" Well that's up to the site. In most cases it's going to register one or more keys when you sign up to the site, and then check you still have one when logging in. This is completely useless for everything except the one thing it's intended for, a Second Factor during login.


You can always generate a new key pair though. I don't necessarily mean a cert signed by a CA. More akin to using a key pair for SSH.
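The model discussed in the thread (a site registers a key at sign-up and at login checks that it is talking to the same key, with a separate self-generated key pair per site and no CA) can be shown in Go. This is an added example, not code from any commenter: `Site`, `Client`, `Enroll`, `Sign`, `Verify`, `Demo` and the `.example` origins are hypothetical names, and Ed25519 is an assumed choice of signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Site is a hypothetical relying party holding the key registered at sign-up.
type Site struct {
	Origin string
	Key    ed25519.PublicKey
}

// Verify checks a login signature over origin||nonce with the registered key.
func (s *Site) Verify(nonce, sig []byte) bool {
	msg := append([]byte(s.Origin), nonce...)
	return len(s.Key) == ed25519.PublicKeySize && ed25519.Verify(s.Key, msg, sig)
}

// Client holds a separate private key per origin, SSH-style, with no CA.
type Client map[string]ed25519.PrivateKey

// Enroll generates a fresh key pair for the site and registers the public half.
func (c Client) Enroll(s *Site) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	c[s.Origin], s.Key = priv, pub
}

// Sign answers a challenge using only the key that belongs to that origin.
func (c Client) Sign(origin string, nonce []byte) []byte {
	return ed25519.Sign(c[origin], append([]byte(origin), nonce...))
}

// Demo returns: login accepted, cross-site replay accepted, keys linkable.
func Demo() (login, replay, linkable bool) {
	a, b, c := &Site{Origin: "https://a.example"}, &Site{Origin: "https://b.example"}, Client{}
	c.Enroll(a)
	c.Enroll(b)
	nonce := make([]byte, 32) // per-login challenge chosen by site A
	rand.Read(nonce)          // error ignored here; check it in real code
	sig := c.Sign(a.Origin, nonce)
	return a.Verify(nonce, sig), b.Verify(nonce, sig), a.Key.Equal(b.Key)
}

func main() { fmt.Println(Demo()) }
```

`Demo()` yields `true false false`: the login at site A verifies, the same signature is rejected at site B, and the two registered public keys differ, so the sites cannot match them to each other.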



