Excellent stuff, and a good read for people who studied PQC.
Given that in the next few weeks or months, PQC-capable (ML-KEM and ML-DSA enabled) releases of OpenSSL and OpenSSH will be rolled out in most if not all Linux distros, likely in MacOS and hopefully in the mobile variants as well, and hoping that server admins will swiftly upgrade, quantum computing supported decryption may actually be over before it even starts. (No idea what Microsoft is doing but they cannot risk adversary triggered downgrades either.)
Except for those cold case encrypted harddisks using less than 256 bits of key length (i.e., weaker than AES256) and all the "harvest now, decrypt later" recordings by the likes of the NSA. This stuff is lost as soon as QCs with more than, say, 4000 error corrected qubits are available. May quantum decoherence slow this process down a bit.