Re: The Quantum Threat to Bitcoin: Implications for Miners, Nodes, and Wallets
by vjudeu on 23/09/2023, 19:55:28 UTC
Quote
Another way to fight a difficulty attack could be an emergency difficulty adjustment.
You don't want to go that way. BCH did it, as well as some other altcoins, and the main result is that you don't even need to break SHA-256 to weaken their networks. All you need is to form a minority, pretend that it is the "true Bitcoin", and then mine your blocks at a much lower difficulty, while pretending that nothing happened at all and that the problem of a 51% attack does not exist on your chain. But it didn't vanish, and by messing with difficulty adjustments, you created a chain that is wide open to further forks, like BSV.

Quote
because if I am mining and suddenly they pull the plug and say you no longer can use these miners because there was an attack, well what am I supposed to do now?
You are supposed to still keep your miner, because of rehashing. If we had any upgrade, people would try to make it backward-compatible, which means the new consensus could require computing both "SHA-2 and SHA-3", or even some "hardened SHA-256", so your equipment could still do that better than some CPU. And even if initially you had your ASIC for SHA-256 and a CPU for SHA-3, in the case of a double-hashing consensus, you would still need your equipment to compute the part that is backward-compatible.

Quote
developers can't keep their wallets safe, how can they keep a giant network safe when it's under attack?
Why do you think that developers cannot keep their own wallets safe? Fully breaking SHA-256 at the preimage level would mean that everything would need to pass through some hardened SHA-256, or be double-hashed, for example with both SHA-2 and SHA-3. That means the whole history stored by full archival nodes will be preserved (because people have backups, and because some blockchain copies are stored offline; also because a lot of history is processed many times and stored in many different forms, for example by block explorers; because there are databases, and so on; there are many reasons why a decades-long chain reorganization will not be triggered that easily). Which means that, in case of some huge attack, people will start re-hashing things, for example with SHA-3.

Also, you can read what Satoshi wrote about breaking SHA-256:

Quote
SHA-256 is very strong. It's not like the incremental step from MD5 to SHA1. It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way. The software would be programmed to start using a new hash after a certain block number. Everyone would have to upgrade by that time. The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.
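The two mechanisms discussed in the post above, a backward-compatible "SHA-2 and SHA-3" block hash and Satoshi's idea of saving a new hash of every old block, as an added example that is not part of the post and not any real proposal's code. The exact combination (SHA3-256 over the legacy double-SHA-256 digest and the header) and the toy header layout (32-byte previous hash followed by a payload) are assumptions chosen for illustration; the legacy `sha256d` is Bitcoin's actual block-hash construction. Because a real SHA-256 second preimage cannot be produced here, the "break" is simulated by letting the candidate block claim the genuine legacy hash while carrying forged contents.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

def sha256d(data: bytes) -> bytes:
    """Bitcoin's legacy block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def hardened_hash(header: bytes) -> bytes:
    """Illustrative 'SHA-2 and SHA-3' hash (an assumption for this example).

    SHA3-256 is computed over the legacy digest and the header itself, so
    existing SHA-256 hardware still does the inner work, and both SHA-256 and
    SHA-3 would have to be broken to substitute a different header.
    """
    return hashlib.sha3_256(sha256d(header) + header).digest()

def build_chain(payloads: List[bytes]) -> List[bytes]:
    """Construct toy headers: 32-byte legacy hash of the predecessor + payload."""
    headers: List[bytes] = []
    prev = b"\x00" * 32  # constructed genesis predecessor
    for payload in payloads:
        header = prev + payload
        headers.append(header)
        prev = sha256d(header)
    return headers

def pin_history(headers: List[bytes]) -> Dict[bytes, bytes]:
    """'Save the new hash of all the old blocks': legacy hash -> hardened hash."""
    return {sha256d(h): hardened_hash(h) for h in headers}

def legacy_check(pins: Dict[bytes, bytes], legacy_hash: bytes) -> bool:
    """Pre-upgrade rule: a block is 'known' if its legacy hash is on the chain."""
    return legacy_hash in pins

def hardened_check(pins: Dict[bytes, bytes], legacy_hash: bytes, header: bytes) -> bool:
    """Post-upgrade rule: the block's hardened hash must match the pinned value."""
    expected = pins.get(legacy_hash)
    if expected is None:
        return False
    return hmac.compare_digest(expected, hardened_hash(header))

def simulate_break(pins: Dict[bytes, bytes], genuine: bytes, forged: bytes) -> Tuple[bool, bool]:
    """Stand-in for a SHA-256 second-preimage break (not producible for real).

    The forged header is presented with the GENUINE block's legacy hash, as a
    successful attacker would. Returns (legacy rule accepts, hardened rule accepts).
    """
    claimed_legacy = sha256d(genuine)
    return legacy_check(pins, claimed_legacy), hardened_check(pins, claimed_legacy, forged)

if __name__ == "__main__":
    chain = build_chain([b"block-1 payload", b"block-2 payload", b"block-3 payload"])
    pins = pin_history(chain)
    # A forged block-2 that keeps the same predecessor link but different contents.
    forged = chain[1][:32] + b"forged block-2 payload"
    print("legacy accepts, hardened accepts:", simulate_break(pins, chain[1], forged))
```

Pinning only needs to be done once for the history before the switch-over block; from that point on the hardened hash is what nodes compare, and the legacy hash continues to exist only as the component the old hardware still computes.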