[codex] require plural RBAC resources for route collections #405

Draft
gandalf-at-lerian wants to merge 1 commit into main from codex/rbac-resource-plural-policy

@gandalf-at-lerian
Contributor

Summary

Make the Ring Access Manager standard explicit about RBAC resource naming for route collections.

Changed:

  • Adds an RBAC Resource Naming section to the Go security standard.
  • Requires plural RBAC resources when the protected public route is a plural collection.
  • Keeps singular resources only for true singleton/non-collection route namespaces.
  • Adds the check to the production-readiness security audit prompt.
  • Fixes the structure audit reference example from protected("resource", ...) to protected("resources", ...).

Why

Ring already used plural examples such as "resources", "ledgers", "transactions", and "packages", but it did not state or enforce the rule clearly enough. That allowed generated code to protect /v1/payments with "payment".

Validation

  • git diff --check
  • git status + git rev-list + git push --dry-run

Requested by: @mrangelba
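
As an added illustration of the naming rule this PR describes (not code from the PR or from Ring): a small Go check that flags a plural collection route guarded by the singular form of its RBAC resource, as in the /v1/payments and "payment" case above. The Binding type, the function names and the sample routes are constructed for the example, and the plural test is a simple suffix heuristic, which is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Binding pairs a public route with the RBAC resource guarding it (constructed type).
type Binding struct{ Route, Resource string }

// collectionSegment returns the first path segment that is neither a version
// prefix (v1, v2, ...) nor a path parameter (:id or {id}).
func collectionSegment(route string) string {
	for _, seg := range strings.Split(strings.Trim(route, "/"), "/") {
		isParam := strings.HasPrefix(seg, ":") || strings.HasPrefix(seg, "{")
		isVersion := len(seg) > 1 && seg[0] == 'v' && strings.Trim(seg[1:], "0123456789") == ""
		if seg != "" && !isParam && !isVersion {
			return seg
		}
	}
	return ""
}

// isPluralOf reports whether seg is a regular English plural of singular
// (suffix heuristic: -s, -es, -y to -ies; irregular plurals are not covered).
func isPluralOf(singular, seg string) bool {
	if seg == singular+"s" || seg == singular+"es" {
		return true
	}
	return strings.HasSuffix(singular, "y") && seg == strings.TrimSuffix(singular, "y")+"ies"
}

// CheckBindings flags routes whose namespace is a plural collection while the
// RBAC resource is the singular form. Singleton namespaces are left alone.
func CheckBindings(bindings []Binding) []string {
	var findings []string
	for _, b := range bindings {
		if seg := collectionSegment(b.Route); isPluralOf(b.Resource, seg) {
			findings = append(findings, fmt.Sprintf("%s: resource %q should be %q", b.Route, b.Resource, seg))
		}
	}
	return findings
}

func main() {
	// Constructed sample bindings; only the first one violates the rule.
	sample := []Binding{{"/v1/payments", "payment"}, {"/v1/ledgers/:id", "ledgers"}, {"/v1/health", "health"}}
	for _, f := range CheckBindings(sample) {
		fmt.Println(f)
	}
}
```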

@coderabbitai
Contributor

coderabbitai Bot commented May 19, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6b2d4228-b700-4f13-a742-c2e5b9900caa

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.
