fix(policy): remove dead guest read rule on authenticated task routes

## Context

Raised by Copilot review on #3134.

## Problem

`modules/tasks/policies/tasks.policy.js` grants `guest` the `read` action on `/api/tasks/:taskId`:

```js
{ roles: ['guest'], actions: ['read'], subject: '/api/tasks/:taskId' },
```

However, the route is behind `passport.authenticate('jwt', { session: false })`:

```js
app.route('/api/tasks/:taskId')
  .all(passport.authenticate('jwt', { session: false }), policy.isAllowed)
```

Guests are rejected by the JWT middleware before `policy.isAllowed` is ever called — this rule is dead code.

## Fix

Remove the dead guest rule for `/api/tasks/:taskId` from `tasks.policy.js`, or make the GET route public if guest access is actually intended.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(policy): remove dead guest read rule on authenticated task routes #3135

Context

Problem

Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

fix(policy): remove dead guest read rule on authenticated task routes #3135

Description

Context

Problem

Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions