[Bug] Fix the policy comparator to prioritize DENY over ALLOW

### Before Creating the Bug Report

- [x] I found a bug, not just asking a question, which should be created in [GitHub Discussions](https://github.com/apache/rocketmq/discussions).

- [x] I have searched the [GitHub Issues](https://github.com/apache/rocketmq/issues) and [GitHub Discussions](https://github.com/apache/rocketmq/discussions)  of this repository and believe that this is not a duplicate.

- [x] I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.


### Runtime platform environment

All platform

### RocketMQ version

develop and 5.3.3 (the branch using ACL 2.0)

### JDK Version

All

### Describe the Bug

In the `AclAuthorizationHandler#comparePolicyEntries` method, if the priority of the policy cannot be distinguished by resource type or matching mode, the priority of deny should be higher than that of allow.

However, in the current code, if o1's policy is DENY and o2's policy is ALLOW, the method returns `1`. This causes o1 to be sorted after o2, resulting in incorrect logic that ALLOW takes precedence over DENY.

<img width="599" height="130" alt="Image" src="https://github.com/user-attachments/assets/54e58eca-0825-45a6-a436-88383e78bc7c" />

### Steps to Reproduce

At this stage, since multiple decisions cannot be configured for the same resource, this problem does not occur in practice. We can use test code to verify this problem.

Need make `AclAuthorizationHandler#comparePolicyEntries` to public for test.
```
public static void main(String[] args) {
    AclAuthorizationHandler handler = new AclAuthorizationHandler(new AuthConfig());

    Resource resource = Resource.of(ResourceType.TOPIC, null, ResourcePattern.LITERAL);
    PolicyEntry allow = PolicyEntry.of(resource, Arrays.asList(Action.PUB), null, Decision.ALLOW);
    PolicyEntry deny = PolicyEntry.of(resource, Arrays.asList(Action.PUB), null, Decision.DENY);

    List<PolicyEntry> policyEntries = new ArrayList<>(Arrays.asList(deny, allow));
    policyEntries.sort(handler::comparePolicyEntries);
    PolicyEntry policyEntry = policyEntries.get(0);
    System.out.printf(policyEntry.getDecision().toString());
}
```

<img width="1014" height="391" alt="Image" src="https://github.com/user-attachments/assets/981c56e0-4323-43ad-b14e-01244a3759b3" />

### What Did You Expect to See?

Use correct policy judgment logic to give DENY a higher priority than ALLOW.

### What Did You See Instead?

If o1 is DENY and o2 is ALLOW, then ALLOW takes precedence over DENY.

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug] Fix the policy comparator to prioritize DENY over ALLOW #9784

Before Creating the Bug Report

Runtime platform environment

RocketMQ version

JDK Version

Describe the Bug

Steps to Reproduce

What Did You Expect to See?

What Did You See Instead?

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug] Fix the policy comparator to prioritize DENY over ALLOW #9784

Description

Before Creating the Bug Report

Runtime platform environment

RocketMQ version

JDK Version

Describe the Bug

Steps to Reproduce

What Did You Expect to See?

What Did You See Instead?

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions