The CollectionMetadata::getChunkManager() method exposes internal implementation detail of the ownership state of the shard role. This detail is dangerous to use, because it happens to also contain the ownership state of other shards without any guarantee of its stability.

For example, this piece of code makes a correctness-critical assumption for change streams, based on cached (and possibly stale) information that the recipient of a chunk doesn't contain any data. This is not correct to do, because between the time the donor recovers its ownership information and the time this check is performed, there is no guarantee that the recipient hasn't received something or lost all its chunks.

The goal of this ticket is to:

1. Inspect all calls to CollectionMetadata::getChunkManager() and if they legitimately only look at ranges owned by the shard (shard role usage), place them as semantic operations on the ScopedCollectionOwnershipFilter similar to this one.
2. If they look at ranges that are not owned by the shard, file SERVER tickets explaining the bugs that this may lead to, the versions impacted and relate them to this ticket (e.g. SERVER-85914).
3. Hide CollectionMetadata::getChunkManager() from the public section of CollectionMetadata.