I wouldn’t call it paranoid as this implies a mental issue but PQC is very much accepted as potentially becoming an issue.
related: use codecrypt to sign Whonix releases
The assumption here is that if signed by multiple algorithms, that makes it quantum-resistant? While that is conceivable, I don’t know if that is true. Therefore this assumption could use (a few) reference(s).
If that was true, all that would be needed would be a wrapper script around openssl and maybe other existing hashsum creation tools? That would be nice but also somehow sounds too simple to be true. In that case, auditing would be trivial as the algorithms are implemented by already trusted, existing tools.
I don’t think campaigning them would speed up things. gpg could not even be convinced to use the most secure default security settings among other things. Maybe that is why there is now Sequoia-PGP (gpg replacement) - OpenPGP - Development - Kicksecure Forums which seems to have the intention to re-implement things in a better designed way.
Only contributing code the way they want it or forking/new source code would work.
Also consider checking PQC plans for sequoia and contributing to sequoia.