That depends on how reliably you want them to be. What you might call "highly reliable" then 12. "Decent reliable" then 24! The threat to bitcoin's signing keys is Shor's Algorithm, and with a few thousand highly-reliable logical q-bits it's game over for enough keys to cause catastrophic economic failure to the whole network, like a body going into shock. SHA256 is another thing, that's Grover's algo and to "crack" SHA there's a silly number of operations so you have to take those into account alongside q-bits, and it's like the age of the universe. So "crack" is not quite the right word. But to gain a speed edge is a real thing, and that leads to this difficulty manipulation attacks and other things. (Depends on q-bits but also the machine's raw speed.) Shor's is enough on it's own to deal a knockout punch to bitcion though, if it happens soon enough.