Remove String Overload from `can()` / `cannot()`

[Hrdtr]

Describe the feature

// REMOVED — no longer compiles
await guantr.can('read', 'post');
await guantr.cannot('read', 'post');

// REQUIRED — use dedicated methods
await guantr.canAbstract('read', 'post');
await guantr.cannotAbstract('read', 'post');

// Resource-aware unchanged
await guantr.can('read', ['post', postInstance]);

Rationale

The string overload was deprecated in v1.1.0. It operates under fundamentally different
semantics (allow-exists only, deny not evaluated) from the tuple overload (full evaluation,
deny overrides allow). Sharing the same method name made it too easy to misuse the
abstract check for actual authorization decisions.

Migration

Find-and-replace:

• guantr.can(action, 'resource') → guantr.canAbstract(action, 'resource')
• guantr.cannot(action, 'resource') → guantr.cannotAbstract(action, 'resource')

Implementation Tasks

• Remove string type from can() resource parameter
• Remove string type from cannot() resource parameter
• Remove the if (typeof resource === 'string') branch from can()
• Update all internal tests
• Add codemod script in scripts/migrate-v2.ts (optional convenience)

Additional information

• Would you be willing to help implement this feature?
• Can you think of other implementations of this feature?

Final checks

• Check existing issues.