They obtain the first 32 bytes of each signature.

All your scenarios make this assumption, and so lets dig into it.

For ECDSA with RFC-6979, it gets the message and the private key, and generates the first 32 bytes are $F( message, privatekey ) $, where $F$ is a public and noninvertible function; that is, by knowing the output, you cannot reconstruct the message (or even the hash of the message) or the private key; this holds true even for your hypothetical quantum attacker. You cannot even, two outputs of $F$, determine how the inputs were related (unless, of course, on an exact duplicate).

With that, we can make short work of your questions:

1.1. Can the attacker prove that the incomplete signatures were produced with the same private key?

If two of the signed messages happened to be the same and they were signed by the same key, then that will be obvious (as the two signatures will, of course, share the same 32 bytes). Otherwise, no; $F$ doesn't allow such testing.

1.2. What can the attacker compute (message, public key, private key)?

No; $F$ doesn't leak anything

- The attacker knows the same private key was used. What can the attacker compute?

Same answer; nothing.

3.1. Can the attacker prove that the incomplete signatures were produced with the same private key?

No; $F$ doesn't leak that.

3.2. Can the attacker prove that the incomplete signatures were produced with the same private key?

No, $F$ doesn't leak that

- They know that the same private key was used for all incomplete signatures. What can the attacker compute?

Nothing; $F$ doesn't leak any information.

Now, all this assumes that the attacker doesn't somehow guess the private key - if he does, then he can test guesses of the messages.