Hope that delayed contributions are permissible.
Regarding the original question, the necessity of using an oprp as a control program is fundamentally stated in def.3.9 where “likelihood” is logically interpreted (somehow) in a risk-based fashion. The additional word “essential” can hopefully be interpreted as assisting the (somehow). The “essential” can then be (partially) interpreted as referring to the detailed hazard analysis procedure prescribed in 7.4.1 – 7.4.4 culminating in selection of a cut-off into oprp-ccp / (the rest). This process has analogies to traditional haccp (TH) although the implemented hazard analysis for oprp is typically less scope-restricted to the production flowchart than TH.
IMO it is a subjective choice as to how you evaluate (both conceptually and quantitatively) the necessity / capability of the individual metal detectors (MD) to handle the perceived risk. As previously noted in this thread the choice demands information. If the MDs are all assumed identically effective, presumably only one fully functional unit is required to do the job (?). This could theoretically be any of the units. I think traditional haccp often chose to evaluate an arbitrary "worse case" scenario with at least the “last one standing”. The risk analyses for individual prior units could then be assessed (adjusted) appropriately. For ISO 22000, it should be easier (particularly from a paperwork perspective) to simply classify this series (ie not parallel) as a combination of only one Met.D. I believe this is auditorially acceptable despite (?) not appearing explicitly in ISO 22000.
As far as the method of categorisation is concerned, one might say that, for implementation, subjectivity rules and is (rightly or wrongly) implicitly supported by ISO 22004. Presumably, if one wishes to minimise the chance of auditorial argument it is safer to follow a procedure involving all of 7.4.4 (a-g) although many re-interpretations / simplifications are evidently considered acceptable by their appearance in the literature.
I have also occasionally seen mention of oprps being given specific critical limits on the basis of “there is no (auditorial) risk in expansion of the standards requirements”. Not so sure about that one. Obviously one can always re-label anyway if desired, similar to “operational limits’ in trad.haccp