Make collect_session_recipients more resistent #2729
Description
Currently when collect_session_recipients is figuring out to which devices a key was distributed it only looks at shared_with_set and not to_share_with_set (inflight).
That means that if the caller calls share_room_key, but fails to distribute the to_device, at the next call the device will not be seen has having the key but will eventually get it after next call that processes outgoing requests next message is sent in room.
As an example there was a bug in webR, where to-device was not marked as sent.
This leads to several strange side effect.
For example is you change the only_allow_trusted_devices setting to true (with an unverified device in the room). Then collect session recipient won't rotate the megolm session, as the session as not been delivered (not in shared_with_set, only in to_share_with_set).
As a result the sdk will give you 2 to-devices, a room key for the device and a withheld for the same device and same session.
We could make the sdk more resistent by considering bothshared_with_set and to_share_with_set