This is already a thing today. Most major could providers perform server-side scanning, so if a nefarious party can smuggle problematic photos onto your cloud, you have the same problem.
To make it perfectly clear: I am absolutely agains this scanning system, but I think that we need to keep to high-quality arguments to successfully argue agains it.
This part isn’t true. Unless a threshold of multiple matches is reached, Apple won’t have a complete key to decrypt anything.