Add $guard_name property to User model

[kevalyq]

🎯 Objective

Add explicit $guard_name = 'sanctum' property to User model to align with token-based authentication architecture.

📋 Changes Required

Location

File: app/Models/User.php
Section: Class properties

Current Code

class User extends Authenticatable
{
    use HasApiTokens;
    use HasFactory;
    use HasRoles;
    use Notifiable;
    use TenantScoped;

    protected $fillable = [
        'name',
        'email',
        'password',
        'tenant_id',
    ];

    protected $hidden = [
        'password',
        'remember_token',
    ];
    
    // ... rest of class
}

Target Code

class User extends Authenticatable
{
    use HasApiTokens;
    use HasFactory;
    use HasRoles;
    use Notifiable;
    use TenantScoped;

    /**
     * The guard name for Spatie Laravel-Permission.
     * Must match the authentication guard used in routes (sanctum).
     */
    protected $guard_name = 'sanctum';

    protected $fillable = [
        'name',
        'email',
        'password',
        'tenant_id',
    ];

    protected $hidden = [
        'password',
        'remember_token',
    ];
    
    // ... rest of class
}

✅ Acceptance Criteria

• protected $guard_name = 'sanctum'; added to User model
• Includes PHPDoc comment explaining purpose
• All tests pass after change (233 tests)
• PHPStan Level Max: 0 errors
• Laravel Pint: Clean
• No side effects in other models

📊 Expected Impact

Before: User model defaults to 'web' guard (implicit)
After: User model explicitly uses 'sanctum' guard (self-documenting)

Benefits:

• Spatie permission checks use correct guard
• Self-documenting code (clear authentication mechanism)
• Future developers understand architecture immediately

🔗 Related

• Parent: [EPIC] Migrate Permission System from 'web' to 'sanctum' Guard #125 (EPIC: Migrate Permission System to sanctum guard)
• Should be done AFTER: Update RoleManagementApiTest to use sanctum guard #126, Update RoleApiTest to use sanctum guard #127, Update PersonApiTest to use sanctum guard #128 (test file updates)
• Reason: Ensures tests create permissions for correct guard before User model declares it

⏱️ Effort Estimate

Time: 5 minutes
Complexity: Trivial (single line addition)

⚠️ Important Notes

Timing: This change should be made AFTER all test files are updated to create permissions with guard_name='sanctum'. Otherwise, tests will fail because:

1. User model declares sanctum guard
2. Tests still create permissions for web guard
3. Permission check fails (guard mismatch)

[github-actions]

✅ This issue has been added to the SecPal Feature Roadmap with status: 💡 Ideas

New idea - needs discussion and evaluation

Status Flow:
💡 Ideas → 💬 Discussion → 📥 Backlog → 📋 Planned → 🚧 In Progress → 👀 In Review → ✅ Done

Note: Ideas that won't be implemented should be moved to 🚫 Won't Do with a reason.