In most cases, the client platform handles PIN entry for security keys, not the browser (there are some exceptions).
But how do they know what process on the host they are allowing to act on their identity? What stops the authenticator from granting a hidden WebAuthn client privileges to act on their behalf? Must they still enter a PIN for every session?
Client platforms are responsible for interacting with authenticators, including managing who can call the APIs. Most major client platforms only allow a single WebAuthn request to be in flight at a time.
A simple solution would be for the www browser to keep the authenticator binding state (pinUvAuthToken) established by a single PIN entry in long-term memory. Does anyone know whether browsers behave that way?
No, the PUAT is not an artifact designed to be stored.