Problem
In discoverPolicies() (lib/middlewares/policy.js), a module policy file that exports *Abilities but does not export *SubjectRegistration() never has its subjects registered. deriveSubjectType() then silently returns null, and the check falls back to the collection-level CASL rule without any warning being logged.
Fix
Log a warning at startup whenever the pattern is broken (abilities exported, registration missing), so the degradation is visible the first time the process boots with the new module:

    // After the discovery loop has populated discoveredPolicies.
    // Each entry records the module name, which *Abilities it exported,
    // and whether a *SubjectRegistration() was found alongside them.
    for (const entry of discoveredPolicies) {
      if ((entry.abilities || entry.guestAbilities) && !entry.hasSubjectRegistration) {
        logger.warn(`[policy] ${entry.name}: exports abilities but no SubjectRegistration — subjects will not be resolved`);
      }
    }
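The following is an added, stand-alone model of the discovery pass and the check, not the project's own code. Module policy files are represented by plain objects standing in for their require()d exports; the export-name suffixes, the registry shape (collection name to CASL subject type) and the sample modules are assumptions made for illustration. It also shows the fallback the problem describes: deriveSubjectType() returning null for the module that skipped registration.

```javascript
// Added example, not the project's own code. Plain objects stand in for
// the require()d exports of each module policy file; the suffix convention,
// registry shape and sample modules below are assumptions.
const ABILITIES_SUFFIX = /Abilities$/;
const REGISTRATION_SUFFIX = /SubjectRegistration$/;

// Classify one module's exports: which *Abilities functions it provides and
// whether a *SubjectRegistration function accompanies them.
function inspectPolicyExports(name, exported) {
  const fnKeys = Object.keys(exported).filter((k) => typeof exported[k] === 'function');
  return {
    name,
    abilityExports: fnKeys.filter((k) => ABILITIES_SUFFIX.test(k)),
    registrationExports: fnKeys.filter((k) => REGISTRATION_SUFFIX.test(k)),
  };
}

// Discovery loop: run every *SubjectRegistration found, then warn on any
// module that ships abilities without one. Results are returned, not only
// logged, so a startup self-test can assert on them.
function discoverPolicies(modules, logger = console) {
  const registry = new Map(); // collection name -> subject type (assumed shape)
  const discovered = [];
  const warnings = [];
  for (const { name, exports: exported } of modules) {
    const entry = inspectPolicyExports(name, exported);
    for (const key of entry.registrationExports) exported[key](registry);
    if (entry.abilityExports.length > 0 && entry.registrationExports.length === 0) {
      const msg = `[policy] ${name}: exports ${entry.abilityExports.join(', ')} but no SubjectRegistration; subjects will not be resolved`;
      warnings.push(msg);
      logger.warn(msg);
    }
    discovered.push(entry);
  }
  return { registry, discovered, warnings };
}

// Mirrors the silent fallback: an unregistered collection yields null, which
// the caller would then turn into a collection-level check.
function deriveSubjectType(registry, collection) {
  return registry.get(collection) ?? null;
}

// Constructed sample modules. `billing` reproduces the broken pattern;
// `audit` exports no abilities at all and must not be flagged.
const sampleModules = [
  {
    name: 'tickets',
    exports: {
      ticketAbilities() {},
      ticketSubjectRegistration(registry) { registry.set('tickets', 'Ticket'); },
    },
  },
  {
    name: 'billing',
    exports: { billingAbilities() {}, guestAbilities() {} },
  },
  { name: 'audit', exports: { helper() {} } },
];
```

Calling discoverPolicies(sampleModules) logs exactly one warning, for billing, while deriveSubjectType(registry, 'billing') comes back null and deriveSubjectType(registry, 'tickets') resolves to 'Ticket'. Returning the warnings array as well as logging makes it cheap to fail a boot-time test when the list is non-empty, rather than relying on someone reading the log.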
Risk
Silent security degradation: a new module that omits SubjectRegistration loses per-subject resolution and is evaluated only at the collection level, with nothing at startup to signal that this happened.