How are we planning to come to that agreement?
We'll have a discussion here and on IRC. Whoever controls bitcoin.org makes the final decision about what is listed there, and if other people disagree, they will advocate different versions on their sites.
What happens if the attack isn't published for a little while, and so an arbitrary number of blocks have bad data in them? How do we pick out the bad while losing a minimum of good tx?
We'll come to some agreement about it at the time. I'd advocate removing all blocks where it is likely that most transactions are illegitimate. Most legitimate transactions can be reversed without doing too much damage, since honest senders will make new transactions.
How do we hash the agreed-upon content?
At least all block contents should be hashed. Maybe later a hash of a "balance sheet" of only unspent transactions could be created for the sake of efficiency. These would be version 1 blocks, and later blocks would be version 2 (likewise for transactions). Perhaps the first version 2 block would refer to this hash instead of the previous block hash.
How do we re-secure the money contained in the blockchain without the private keys for those addresses?
If SHA-256 or RIPEMD-160 is broken, the key isn't necessary. Miners memorize the contents of unspent transactions, indexed by the new secure hash. People who want to spend a transaction refer to the new secure hash instead of the insecure hash.
If signing becomes totally broken, Bitcoin would probably have to restart. If the attack does not allow recovery of the private keys, maybe the same keypairs could be used with a more secure algorithm.
What happens on the client side when we do this? Do people have to download a new client?
Yes.
If so, when they are using the old client, is there any indication that they need to download a new client?
An alert will be issued.
If they don't download the new client, are they still making transactions that won't be ported to the new chain?
Most likely.
This is what I mean. We "know" how we'd do it, but no one's actually bothered to come up with an actual plan, let alone tested the scenario.
Creating a complete plan and testing would be good.