You can buy and provision Java cards (nfc/contact) with nostr signing code. This would work well for mobile. Tap to post is good for users who need a high level of nsec protection. There is no desktop browser API for sending raw data to a smart card that I know of though. There might be ways to do it by leveraging other standards in an unintended way. Or perhaps a native companion app that exposes an API to webapps.