Only let healthy secondaries take part in transactions

When creating a transaction we currently let all secondaries take part in the transaction, regardless of their respective health status. It doesn't make any sense whatsoever to include unhealthy secondaries in a transaction, though, as this will completely block any mutating progress until the unhealthy node is back up. That's not really the aim of transactions at all.

Let's improve the situation by using a best-effort strategy: instead of including all nodes, we now just queue healthy ones. This will allow progress in all cases except where the primary itself is unhealthy. Any node that is currently unhealthy will then need to get repaired as soon as it comes back up. Note that as there are currently no replication jobs being scheduled yet, doing so needs to be deferred until that work has landed.

---

Note that I ain't got a test written yet. This is mostly due to the fact that I've written the test framework in !2355 (merged) and don't want to duplicate that work right now. I tested the changes manually and will definitely create a follow-up MR as soon as !2355 (merged) landed, if you're fine with that.