Fix silent hang in flush when nodeShutdown returns non-recoverable error

[alexgim961101]

Problem

During physical restore, flush() calls nodeShutdown() to shut down mongod.
If nodeShutdown() returns an error other than ConflictingOperationInProgress
(e.g., (Unauthorized) shutdown must run from localhost when running db without auth),
the error is silently ignored due to the if err != nil && contains(...) pattern,
and the code proceeds to waitMgoShutdown() which hangs indefinitely.

Root Cause

err = nodeShutdown(ctx, r.node)
if err != nil &&
    strings.Contains(err.Error(), "(ConflictingOperationInProgress)...") {
    return errors.Wrap(err, "shutdown server")
}
break  // ← non-ConflictingOp errors silently ignored

Changes

flush() — Extract error classification

Replaced the inline strings.Contains check with a call to the new
isNonRecoverableShutdownErr() helper:

err = nodeShutdown(ctx, r.node)
if err != nil && isNonRecoverableShutdownErr(err) {
    return errors.Wrap(err, "shutdown server")
}
break

isNonRecoverableShutdownErr() — New helper function

Returns true if the error indicates mongod will not shut down and waiting
would be futile. Currently checks for:

• (Unauthorized) — e.g., shutdown from non-localhost without auth
• (ConflictingOperationInProgress) — node already stepping down

New error patterns can be added to the nonRecoverablePatterns slice.

Testing

Tested with a 3-node replica set (MongoDB 7.0, no auth, Docker):

• Before: restore hangs indefinitely at waitMgoShutdown()
• After: restore fails immediately with clear error message:
  shutdown server: (Unauthorized) shutdown must run from localhost when running db without auth

[it-percona-cla]

All committers have signed the CLA.

[boris-ilijic]

Hey @alexgim961101, thank you for your contribution. It looks good, we’ll perform a deeper review shortly and get back to you.

[alexgim961101]

@boris-ilijic Thanks for the response! Take your time with the review. I'm happy to address any feedback.