How can I be 100% sure this is the real coldcard or that someone at the factory is a thief or something like that?
Did you check the information as outlined in the quickstart guide here:
https://coldcardwallet.com/docs/quick
If all that checks out, then it is fairly certain the card has not been tampered with. You'll never be able to work out if someone in the factory is a thief tho... but coldcard's reputation is on the line, so hopefully they have taken precautions to hire only "honest" people.
What are the odds of connecting to a bad node over Electrum and can someone steal the money that way?
That's not possible. All the signing happens on the device itself... and once signed, a transaction cannot be modified in any way and still remain valid. A bad node can't do anything other than try and send your Electrum client false info regarding transaction history or it can simply refuse to relay your transaction... both can be solved by simply manually connecting to another Electrum server and checking the data etc.
Would you recommend to send the whole amount directly or piece by piece?
Depends on what you intend to do with the funds... and how much you have to hold. If you're considering spending some in the near future, you might want to create a couple of smaller amounts, so that when you do need to spend, you don't reveal the total holdings all at once...
I.e. if you have 5 BTC total... and only a single 5 BTC UTXO... if you need to send someone 0.1 BTC, they'll know that you had 5 BTC and 4.9 BTC change... whereas, if you have 5 BTC total, but it is split into 5x 1 BTC UTXOs... when you send them 0.1 BTC, they'll only see 1 BTC input... and 0.9 BTC change
Do note that splitting into multiple UTXOs carries the risk that if you need to spend the bulk of your coins, the fee could end up being quite large as the number of inputs that need to be used will be increased.
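The privacy and fee trade-off from the reply above, worked through as an added example that is not part of the original post. It assumes P2WPKH inputs and outputs with commonly used size approximations, a fee rate of 20 sat/vB, and a simplified largest-first coin selection; the function name and constants are illustrative, and Electrum's own coin selection differs.

```python
# Added illustration: what a recipient can read off a payment, and what it costs,
# for one large UTXO versus several smaller ones. All amounts are in satoshis.
BTC = 100_000_000

# Assumed approximate P2WPKH sizes in virtual bytes (not from the post).
TX_OVERHEAD_VB = 11
INPUT_VB = 68
OUTPUT_VB = 31


def spend(utxos, pay, feerate):
    """Select UTXOs largest-first until payment plus fee is covered.

    Returns the amounts visible on-chain to the recipient (inputs and change)
    together with the fee, assuming one payment output and one change output.
    """
    chosen = []
    for value in sorted(utxos, reverse=True):
        chosen.append(value)
        vsize = TX_OVERHEAD_VB + INPUT_VB * len(chosen) + OUTPUT_VB * 2
        fee = vsize * feerate
        if sum(chosen) >= pay + fee:
            return {
                "inputs": len(chosen),
                "revealed": sum(chosen),          # total the recipient sees spent
                "change": sum(chosen) - pay - fee,
                "fee": fee,
            }
    raise ValueError("insufficient funds for payment plus fee")


def scenarios(feerate=20):
    """Constructed wallets: a single 5 BTC UTXO versus five 1 BTC UTXOs."""
    single, split = [5 * BTC], [1 * BTC] * 5
    return {
        "single_small": spend(single, BTC // 10, feerate),   # pay 0.1 BTC
        "split_small": spend(split, BTC // 10, feerate),     # pay 0.1 BTC
        "single_bulk": spend(single, 45 * BTC // 10, feerate),  # pay 4.5 BTC
        "split_bulk": spend(split, 45 * BTC // 10, feerate),    # pay 4.5 BTC
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The change figures come out slightly below the 4.9 BTC and 0.9 BTC in the post because the fee is deducted from the change output here.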