Your change today to eliminate app password (when Face ID) cannot be used & replace it with system(device) password renders Face ID pointless. The entire point of having app specific passwords with Face Id is so the main user gets the convenience of Face ID but can limit access for specific apps to themselves & those they give the password to versus anyone who knows they device password.
This is what every app has always done with the exception of yours now. There is no point having face ID turned on because if someone has the password for the device then they’d have the password for an app that does this. That’s why no app does.
If they did what Brave has just done then letting a family member of friend handle my device would me giving them access to everything from my private notes to my banking etc, to my apps I use for work etc. Even apple recognizes the issue with this & the AppleID password is not the system password (granted they don’t lock down password in settings with something other than a device password but that’s why most people use 3rd party password managers.