Is it possible to somehow calculate how many SHA-256 hashes have all the miners calculated for the entire history of Bitcoin?

Last numbers I have seen from Pieter Wuille are from 2020:
With block 632874, around a day ago, the expected cumulative work in the Bitcoin blockchain surpassed 2^92 double-SHA256 hashes (with a standard deviation around 1.4*2^83).

If a user wants to use the mnemonic seed words for his wallet even in a few years/decades/..., will the same 24word seed be safe even in the post-quantum era? According to the BIP39 standard, it is protected by the HMAC SHA-512 hash function, so we assume that it is quantum-resistant (at least 256 bits of security post-quantum?). Let's not talk if QC are a real "threat", what the PQC will look like but just discuss the safety of those 24 words.

1) Do you think that from a UX point of view it will be possible to keep the existing seed and just generate a new PQC keys with a new derivation path?

2) I assume users with 12 words (128 bits of entropy without passphrase) would have to migrate to 24 words (256 bits of entropy) as 128 bits entropy is probably reduced to only 64 bits with Grover's algorithm.

[OR]

If there was a vulnerability in ECDSA/Schnorr (maybe because of a quantum computer but it can be any other reason - lattice attacks, etc.) and there would be alternative - new safe locking scripts - and people would start moving their coins into them.
What do you think would happen to those UTXOs that don't move at all (lost coins/Satoshi’s coins/etc.)?

Do you think the consensus would be to let them be stolen OR to soft-fork them out (remove from circulation - e.g. “you have 10 years to move your UTXOs, otherwise they will become invalid”)?

The first option is better in my opinion but flooding the market with so many coins could be massively disruptive.
The second option would probably not be able to reach consensus but the effect on price would not be so disastrous.

Some people touched this in the following thread but I didn't want to continue there as this was a little bit off topic:
https://bitcointalk.org/index.php?topic=5400954.0

[Assumptions:]

I have found a lot of threads about PoW but not much about other aspects of SHA-256 dependence so I hope this won't be a duplicate.

Assumptions:

1) Let's say we know that SHA-256 is weakened in every possible way (collisions/preimage attacks/second preimage attacks) and will become risky to use within 10 years.
2) We have 10 years to migrate (we know the attacks will be possible but will come gradually, not overnight)
3) Let's say we have a safe replacement in the form of, for example, SHA-3 (just theoretically, it can be any hash function of the future, it is not important for the following questions)

How critical do you think the situation would be for Bitcoin? Not particularly concerned about PoW at the moment.

Questions:

1) What would have to be upgraded in Bitcoin besides mining - txids, merkle trees, block headers, signature hashes?
2) How hard would be to migrate these parts of Bitcoin with a minimum damage?
3) What would happen to all the UTXOs in e.g. P2SH, P2WPKH, etc. - could they still be moved after the hash function change (which would be a hardfork probably)?

I know we probably won't have to deal with this in our lifetime, but again, in theory, I would like to know how you think about a similar emergency scenario.

Thanks a lot!