Let assume that someone built a Cryptographic Quantum Computer (CQC) that specially can run Grover's algorithm. Grover's algorithm is asymptotically optimal that is one needs $\mathcal{O}(\sqrt{n})$-time for the $n$ bit security for pre-image attack or key search. That is one have 128-bit security from from 256-bit key space. This is the advertisement of the Grover' algorithm yes it has $\mathcal{O}(\log{n})$-space, however, this is not enough.
What generally missing is the $\mathcal{O}(\sqrt{n})$ call of the Grover's algorithm, consider that you want to break 128-bit then you need to run the Grover's algorithm $2^{64}$-time. If we assume that you can execute one Grover's algorithm in a machine in one nono seconds then you need $\approx 585$ years to find the key. This is quite optimistic in the sense that one can prepare a QCQ in one nano second.
Grover's Algorithm, like classical algorithm can be parallelized, too. Well, interestingly, for $k$ parallel Grover we don't have quadratic increase, we have $\sqrt{k}$ speed up. This doesn't scale up well.
This is all about the Grover's, now there is another work from Brassard et al. for hash functions for collision finding, has $\mathcal{O}(\sqrt[3]{2^{256}})$-time and $\approx \mathcal{O}(2^{85})$-space. That has still in the asymptotically optimal and this time we have 128-bit security from 384-bit hash function with $2^{128}$-space requirements.
With these we can argue that even 256-bit hash functions and even 128-bit block cipher are safe fro CQC. A more realistic calculation made from
Keeping the detail to the article, let stick the NIST and assume that we need $384$-bit hash function against CQC to have 128-bit collision resistance, the pre-image resistance is $192$-bit .
If we use 256-bit HKDF it will have 128-bit CQC pre-image resistance. This means that the 256-bit hash will enough.
Since TLS 1.3 simplified almost everything;
The Hash function used by Transcript-Hash and HKDF is the cipher suite hash algorithm.
The meaningful explanation is SHA-384 is chosen to have 128-bit collision resistance that fits 128-bit resistance of the AES-256. In a simplified manner one can say that AES_256_GCM_SHA384
has 128-bit security against Quantum adversaries.