Problem/Motivation
Currently "view own unpublished content" access is only checked, and only grants a user access to their own content, when the ->access('view') method is called on an already loaded Node object, loaded by node id or via loadMultiple().
"view any unpublished content", provided and used by the content_moderation module, is also implemented with a similarly problematic design: #3161658: Content moderation does not implement node grants and thus doesn't integrate its permissions with other grant implementing modules
When Node ids are collected via an entity query or a database query with the node_access tag in place, unpublished content by the (current) user is not returned.
E.g.:
$result = \Drupal::entityQuery('node')
  ->accessCheck(TRUE)
  ->execute();
This leads to interesting and long-term problematic workarounds both in Core and in contrib space:
- IMO the \Drupal\node\Plugin\views\filter\Status Views filter should not exist, but it does and therefore #3449181: The Content overview page filters out unpublished nodes when a node access module is enabled also exists
- The \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection entity reference selection plugin should grant access to (own) unpublished content without additional workarounds, see #2845144: Users without 'bypass node access' permission can't reference unpublished content even if they have access to it
- Contrib and custom node access modules should not need to re-implement "view own unpublished content" permission handling in the query access level
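A diagnostic for comparing the two access paths described above on a given site, added here as an example and not taken from Drupal core or from the issue author. It assumes a bootstrapped Drupal site (for instance run through drush php:script); the function name compare_unpublished_access() and the uid 2 are constructed for illustration.

```php
<?php
// Added example, not Drupal core code. Assumes a bootstrapped Drupal site.
use Drupal\user\Entity\User;

/**
 * Compares query-level and entity-level view access for a user's own
 * unpublished nodes. Hypothetical helper name.
 */
function compare_unpublished_access(int $uid): array {
  $account = User::load($uid);
  $storage = \Drupal::entityTypeManager()->getStorage('node');
  // Entity queries check access for the current user, so switch to $account.
  $switcher = \Drupal::service('account_switcher');
  $switcher->switchTo($account);
  try {
    // Builds the same query twice, with and without access checking.
    $own_unpublished = fn(bool $check) => array_values($storage->getQuery()
      ->accessCheck($check)
      ->condition('uid', $uid)
      ->condition('status', 0)
      ->execute());
    // Baseline: every unpublished node owned by the user, unfiltered.
    $all_ids = $own_unpublished(FALSE);
    // Path 1: query-level access (accessCheck(TRUE) adds the node_access tag).
    $query_ids = $own_unpublished(TRUE);
    // Path 2: entity-level access on already loaded nodes.
    $entity_ids = [];
    foreach ($storage->loadMultiple($all_ids) as $node) {
      if ($node->access('view', $account)) {
        $entity_ids[] = $node->id();
      }
    }
  }
  finally {
    $switcher->switchBack();
  }
  return [
    'has_permission' => $account->hasPermission('view own unpublished content'),
    'own_unpublished' => $all_ids,
    // Viewable when loaded, but missing from the access-checked query.
    'entity_only' => array_values(array_diff($entity_ids, $query_ids)),
    // Returned by the access-checked query, but denied when loaded.
    'query_only' => array_values(array_diff($query_ids, $entity_ids)),
  ];
}

// Constructed sample uid; use an account that owns unpublished nodes.
print_r(compare_unpublished_access(2));
```

A non-empty entity_only or query_only list means the two paths disagree for that account; running it with and without a node access module enabled shows whether the module changes the result.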
Comments
Comment #2 mxr576
Comment #3 mxr576
Comment #4 mxr576
Comment #5 mxr576
Comment #6 quietone commented
Comment #7 mxr576
Comment #8 mxr576
Comment #9 davidwbarratt commented
Could you help me replicate this? I'm finding precisely the opposite in #3514221: QueryInterface::accessCheck does not perform access checking in core