I think it should be like this:
— If you are actually need metadata, for compliance, legal, security reasons, then yes. Fail if fail to found
— If you just want FIDO, then you can just drop entire trust root verification
Yes, you can certainly add other vendors Metadata Statement, if you wish.
You should read this article: https://fidoalliance.org/fido-technotes-the-truth-about-attestation/