LONG BEFORE before any actual Quantum Algorithm AND Quantum Computer exists that would allow someone to access the bitcoins secured by P2PKH, Bitcoin will already have moved to a quantum-resistant authorization algorithm. This will prevent Case 3, prevent the need for Case 2, and will allow plenty of time for any users that are still able to access their bitcoins to move those bitcoins with a quantum-resistant transaction.
"long before" implies you know when QC will be capable of breaking ECDSA. when will that be---and accordingly, when will bitcoin developers discuss which quantum resistant scheme to implement, and when to implement it?
what constitutes "plenty of time" for users to upgrade? considering how slowly users adopted P2SH or segwit outputs, bitcoin should probably implement quantum resistant signatures many years before the threat is even remotely real. otherwise
many millions of coins could be stolen, just by virtue of today's common practices of address reuse, xpub sharing, etc.
upgrading to a post-quantum protocol in a conscientious way will take several years at least. when are we gonna
start discussing the details?