Good point. I can offer three possibilities to how you might know. First, a data leak of the material. Second, law enforcement presumably gives hashes of known CSAM to service operators so they can detect and report it. You could pose as or be the operator of such a service and get the hashes that way. Third, if you were a government operator you may have access to the hashes that way. (Although I guess corrupt government agents would have other easier ways of getting to you)
Yes. That, plus it's unclear whether you can create a collision with a nonce. It's a perceptual hash, not a cryptographic one. Lastly, to compute that collision might be so expensive that you could instead compute small SHA-256 hashes, ie mine BTC, and use the money to obtain your sinister goals via other means.