What

For each lock-order inversion: document the canonical lock acquisition order in a class-level comment, enforce it structurally (reorder acquisition or use `ACQUIRED_BEFORE` / `ACQUIRED_AFTER` annotations), and annotate complex conditional-unlock sites with `NO_THREAD_SAFETY_ANALYSIS` where Clang TSA cannot model the control flow.

Files: `replication_coordinator_impl_step_up_step_down.cpp` (line 360), `oplog_writer_impl.cpp` (line 190), `initial_syncer.cpp` (line 1726), `transaction_coordinator_service.cpp` (lines 101, 245).

Resolves: SERVER-108622, SERVER-108876, SERVER-109129, SERVER-111620, SERVER-110608

Why

A lock-order inversion is a structural deadlock hazard: both acquisition orders exist in the code, and the OS scheduler decides which fires first. Because Coverity cannot be run locally, the most reliable way to confirm a fix resolved the finding — and to stop it from being reintroduced — is to enforce the ordering through annotations or restructuring so the compiler or TSA rejects the wrong order.