Fascinating!
You got me thinking. There’s probably a better approach. At least for taproot addresses, users could conceivably tweak their Schnorr public key with the hash of some quantum-resistant public key.
This would minimize the on-chain footprint and the off-chain backup requirements, while providing a seamless way to backup the ledger.