SERVER-63466 adds the function validateShardKeyIsNotEncrypted() to shard_key_util.cpp, which is used to check that none of the shard keys specified in a shardCollection, reshardCollection, or refineCollectionShardKey command are FLE2-encrypted fields. This check needs to occur in the primary shard's DDL coordinator, since it needs to check against the CollectionOptions of the target collection. Ideally, this call should be folded into the validateShardKeyIndexExistsOrCreateIfPossible() function, since that function is already called for validating the shard key for each of the relevant commands.