Although hashing a public key does provide some quantum resistance when considered entirely on its own, public key hashes do not exist in isolation. There are many other things in Bitcoin that have to be taken into account.
First, if public keys are hashed, the funds are only protected until they are spent. As soon as a P2PKH or P2WPKH output is spent, the public key is exposed in the scriptSig or witness of the spending transaction. While that transaction is still unconfirmed, an attacker with a fast enough quantum computer could compute the private key and create a conflicting transaction that sends the funds to themselves instead of to the intended recipient.
Furthermore, if this attacker is a miner, they can do this with every transaction and simply refuse to mine any transaction that does not send the coins to them.
While this is a problem, people often argue that it is still better than spending from outputs whose public key is already on the blockchain. That is true as far as it goes, but there is a very large number of outputs with exposed public keys.
More than 5.5 million bitcoin sit in outputs with exposed public keys, either because the output is a P2PK output or because the user reused an address, so the public key was already revealed in an earlier transaction spending from it. If a quantum computer capable of computing the private key for a public key in a reasonable amount of time existed, an attacker could steal so much bitcoin that it would decimate the Bitcoin economy and make bitcoin worthless.
So although your particular outputs may be protected by hashes, the value of those outputs would be zero once millions of bitcoin had been stolen. All the hashes do is create a false sense of security.
Then there are the problems with wallet software and tools, which expose public keys in ways other than through transactions and the blockchain. No existing tools treat public keys as private information, and there is no reason they should.
Many wallets send the parent extended public key (xpub) to a server so that the server can watch for transactions and return that data to the client. Anyone who uses such a wallet, even temporarily, exposes their parent public key to the service provider. With a quantum computer, that provider could compute the private keys for the public keys it holds, derive all of the child keys, and steal all of the bitcoin belonging to anyone who has ever used their wallet.
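To make the xpub exposure concrete, here is an added example (not code from the original article or from any wallet): a pure-Python implementation of secp256k1 point arithmetic and the non-hardened BIP 32 child derivation functions, CKDpub (what the server can run with only the xpub) and CKDpriv (what it could run if it recovered the parent private key). The derivation path m/0/i and the seed passed to what_the_server_learns are constructed placeholders; real wallets hand over an account-level xpub, but the non-hardened children below it behave the same way.

```python
"""Added example (not from the original article): what a server learns from a
wallet's parent extended public key (xpub). Pure-Python secp256k1 and BIP 32
child derivation; the seed used by the caller is a constructed placeholder."""
import hashlib
import hmac

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ser_p(point):
    """SEC1 compressed encoding: 0x02/0x03 prefix followed by the 32-byte x."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed):
    """BIP 32 master private key and chain code from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, i):
    """Non-hardened CKDpriv: k_i = parse(IL) + k_par mod n."""
    assert i < 2**31, "hardened derivation is not needed for this demo"
    data = ser_p(ec_mul(k_par, G)) + i.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + k_par) % N, digest[32:]


def ckd_pub(K_par, c_par, i):
    """Non-hardened CKDpub, needs only the xpub: K_i = parse(IL)*G + K_par."""
    assert i < 2**31, "hardened children cannot be derived from an xpub"
    data = ser_p(K_par) + i.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(digest[:32], "big"), G), K_par), digest[32:]


def what_the_server_learns(seed, count=5):
    """Model the exposure. The wallet ships (K_m, c_m) to the server, which then
    derives every non-hardened child public key m/0/i by itself. If it can also
    solve the ECDLP for K_m, the matching child private keys follow from the same
    chain code. Returns (True if both views agree, the child public keys)."""
    k_m, c_m = master_key(seed)
    K_m = ec_mul(k_m, G)                       # the only key material the server is given
    # server side: account node m/0 and its children, from public data only
    K_0, c_0 = ckd_pub(K_m, c_m, 0)
    server_keys = [ser_p(ckd_pub(K_0, c_0, i)[0]) for i in range(count)]
    # attacker side: assume the ECDLP is broken, i.e. k_m was recovered from K_m
    k_0, _ = ckd_priv(k_m, c_m, 0)
    attacker_keys = [ser_p(ec_mul(ckd_priv(k_0, c_0, i)[0], G)) for i in range(count)]
    return server_keys == attacker_keys, server_keys


if __name__ == "__main__":
    ok, keys = what_the_server_learns(b"constructed placeholder seed")
    print("server and attacker views agree:", ok)
    for i, key in enumerate(keys):
        print(f"m/0/{i} public key: {key.hex()}")
```

The point of the example is the last function: the server never needs a private key to enumerate every address the wallet will ever use, and the chain code it was handed is exactly what turns a single recovered parent private key into all of the child private keys.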
Additional problems exist with more complex scripts and contracts involving public keys. Such scripts, for example multisigs, do not hash the public keys. Moreover, these contracts usually exist precisely because the parties do not fully trust each other; any of them could be malicious. In that case a malicious participant knows the public keys involved (since they know the script) and would be able to steal the bitcoin locked in those outputs. Existing public key hashes do nothing to protect against this.
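The three on-chain exposure paths above (a hashed P2PKH or P2WPKH output revealing its key the moment it is spent, P2PK outputs carrying the key in the output itself, and multisig scripts carrying every participant's key) can be checked mechanically. The following added example (not code from the original article) parses Bitcoin scripts and reports which public keys anyone holding the blockchain can read from an output and from the input that spends it. The keys, signatures and 20-byte hashes in demo() are constructed placeholders, not real curve points or real hashes.

```python
"""Added example (not from the original article): find the public keys that a
Bitcoin output, or the input spending it, reveals on-chain.
All keys, signatures and hashes in demo() are constructed placeholders."""

OP_0, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160 = 0x76, 0x87, 0x88, 0xA9
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE


def parse_script(script: bytes):
    """Split a script into ("push", data) and ("op", opcode) items."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                       # direct push of 1..75 bytes
            n = op
        elif op == OP_PUSHDATA1:
            n = script[i]
            i += 1
        elif op == OP_PUSHDATA2:
            n = int.from_bytes(script[i:i + 2], "little")
            i += 2
        elif op == OP_PUSHDATA4:
            n = int.from_bytes(script[i:i + 4], "little")
            i += 4
        else:
            items.append(("op", op))
            continue
        items.append(("push", script[i:i + n]))
        i += n
    return items


def is_pubkey(data: bytes) -> bool:
    """Shape test for a secp256k1 key: 33-byte compressed or 65-byte uncompressed."""
    return (len(data) == 33 and data[0] in (2, 3)) or (len(data) == 65 and data[0] == 4)


def push(data: bytes) -> bytes:
    """Direct push opcode for up to 75 bytes (enough for keys, sigs and small scripts)."""
    assert len(data) <= 75
    return bytes([len(data)]) + data


def exposed_keys(script_pubkey: bytes, script_sig: bytes = b"", witness=()) -> set:
    """Public keys readable by anyone who has the blockchain.

    Scans the scriptPubKey (P2PK, bare multisig), the scriptSig and witness
    (P2PKH / P2WPKH spends) and, for P2SH / P2WSH spends, the revealed redeem or
    witness script (last scriptSig push / last witness item) when it looks like
    a script, i.e. its last item is OP_CHECKSIG or OP_CHECKMULTISIG."""
    found = set()

    def scan(script):
        for kind, data in parse_script(script):
            if kind == "push" and is_pubkey(data):
                found.add(data)

    def looks_like_script(data):
        items = parse_script(data)
        return bool(items) and items[-1] in (("op", OP_CHECKSIG), ("op", OP_CHECKMULTISIG))

    scan(script_pubkey)
    scan(script_sig)
    found.update(w for w in witness if is_pubkey(w))
    sig_pushes = [d for kind, d in parse_script(script_sig) if kind == "push"]
    for nested in sig_pushes[-1:] + list(witness[-1:]):
        if looks_like_script(nested):
            scan(nested)
    return found


def demo():
    """Constructed outputs and the inputs that spend them; returns how many
    public keys each reveals before and after the spend."""
    pk1 = b"\x02" + b"\x11" * 32          # placeholder compressed keys, not real points
    pk2 = b"\x03" + b"\x22" * 32
    sig = bytes([0x30, 0x44]) + b"\xaa" * 68 + b"\x01"   # placeholder DER signature
    h160 = b"\x33" * 20                    # placeholder HASH160, not computed

    p2pk = push(pk1) + bytes([OP_CHECKSIG])
    p2pkh = bytes([OP_DUP, OP_HASH160]) + push(h160) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
    p2wpkh = bytes([OP_0]) + push(h160)
    multisig_2of2 = bytes([0x52]) + push(pk1) + push(pk2) + bytes([0x52, OP_CHECKMULTISIG])
    p2sh = bytes([OP_HASH160]) + push(h160) + bytes([OP_EQUAL])
    p2sh_spend = bytes([OP_0]) + push(sig) + push(sig) + push(multisig_2of2)

    return {
        "p2pk_unspent": len(exposed_keys(p2pk)),
        "p2pkh_unspent": len(exposed_keys(p2pkh)),
        "p2pkh_spent": len(exposed_keys(p2pkh, push(sig) + push(pk1))),
        "p2wpkh_unspent": len(exposed_keys(p2wpkh)),
        "p2wpkh_spent": len(exposed_keys(p2wpkh, b"", [sig, pk1])),
        "bare_multisig_unspent": len(exposed_keys(multisig_2of2)),
        "p2sh_multisig_unspent": len(exposed_keys(p2sh)),
        "p2sh_multisig_spent": len(exposed_keys(p2sh_spend and p2sh, p2sh_spend)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name:24s} exposed keys: {count}")
```

Note that the hashed forms (P2PKH, P2WPKH, P2SH) score zero only while unspent; the very first spend reveals every key, which is the window the conflicting-transaction attack described above targets. The multisig participants, of course, never needed the blockchain to learn the keys at all.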
So overall, public keys are already exposed in many ways outside of transactions. Any of these would allow attacks that steal millions of bitcoin, which would drive Bitcoin's value to zero and make any bitcoin protected by public key hashes worthless anyway. On top of that, users are likely to expose their public keys unexpectedly through the software they use. Using public key hashes therefore serves only to create a false sense of security while increasing the size of transactions. In general, that is not worth the extra size.
Finally, it is possible to switch to post-quantum cryptography if it is found that a quantum computer capable of breaking the ECDLP exists. If this is detected in time, but still too late to perform a proper upgrade, all use of ECDLP-based signature algorithms (i.e. ECDSA and Schnorr) could be soft-forked out, which would lock all coins. The coins could then be spent by providing a zero-knowledge proof of some unexposed or quantum-resistant piece of information that demonstrates ownership of the private key for the public key.
For example, users could prove that they have the BIP 32 seed that was used to derive the private key for the given public key. Since it is a zero-knowledge proof, the seed itself is not exposed (note that the seed is not part of a public/private key pair, so there is no public component that could have been shared). Since most wallets use BIP 32, this should be sufficient. There may be other ways to prove ownership without risking coins that have not been thought of yet.
And of course, all of this assumes that a quantum computer capable of computing the private key for a public key appears without the public being aware that the technology is close to existing. What is more likely is that progress in quantum computing will be observed and, before quantum computers become powerful enough to break the ECDLP, Bitcoin will soft fork in a quantum-resistant signature algorithm. Eventually the ECDLP-based signatures would be removed. All of this would happen before quantum computers really become a threat. So in this scenario, hashing public keys does not provide any help anyway.
Note that none of the above is specific to quantum computers. It applies generally to any cryptographic break of ECDSA (or Schnorr).