Problem/Motivation
I've now run into this issue on more than one occasion and the underlying cause is mysterious/rare enough that I think we should improve the DX.
Steps to reproduce
Try to perform a json:api collection query on an entity that does not implement any of published, status, or owner entity keys.
OR
The entity being queried does implement one of those entity keys, but the module providing the entity type does not implement hook_jsonapi_entity_filter_access() or hook_jsonapi_ENTITY_TYPE_filter_access() to provide the "known subset" access levels.
In that case, the query guard runs ::alwaysFalse() which adds a "weird looking" condition that is always false. You get an empty set with no explanation in the response payload.
Proposed resolution
We should do some logic in an assert() (similar to the json validation against the json:api spec) that notifies the developer that they got an empty response due to the query guard denying the filtering. This might be intended, but many times it's not and this is a real Drupal WTF in the meantime.