Creating named streams on existing files is not quite right
In MS-FSA, 'file lookup' effectively has the following branches:
If the file doesn't exist, create the file and the stream
If the file exists, and the stream exists, perform access and sharing checks
If the file exists, but the stream doesn't exist, perform access checks, then create the stream.
In our implementation, 1 and 3 are collapsed into a single branch: If the file exists, but the stream doesn't, that's treated as if the file didn't exist. Right now, the primary effect of this is that we don't check the accesses requested, and so the enhancements in #11037 can't properly audit these requests.