[12.x] Introduce excludeCan method

[utsavsomaiya]

Why

Consider a multi-tenant CRM system where access to routes is controlled by user permissions:

• manage-company: Allows access to company-wide settings like billing, domains, etc.
• manage-users: Allows access to manage user profiles (e.g., invite, remove, assign roles).

We group routes like this:

Route::can('manage-company')->group(function () {
    Route::get('/company/settings', ...); // Only for those who can manage the company

    Route::excludeCan('manage-company')->can('manage-users')->get('/users', ...);
    // Even if user cannot manage the company, they can manage users if they have that specific permission
});

This is useful when you have department heads or team leads who should be allowed to manage their team members but not have access to sensitive company-wide settings.

Alternative

// Group that requires 'manage-company'
Route::middleware('can:manage-company')->group(function () {
    Route::get('/company/settings', ...);
});

// Group that requires only 'manage-users'
Route::middleware('can:manage-users')->get('/users', ...);

While this works, it has two limitations:

1. Splits route structure: If /users logically belongs within the /company section (e.g., in breadcrumbs, navigation), you lose that grouping clarity.
2. Harder to maintain when nesting deeply: If you're doing complex nesting (e.g., can:manage-company -> can:manage-users -> exclude parent), this gets messy and repetitive.

[taylorotwell]

Thanks for your pull request to Laravel!

Unfortunately, I'm going to delay merging this code for now. To preserve our ability to adequately maintain the framework, we need to be very careful regarding the amount of code we include.

If applicable, please consider releasing your code as a package so that the community can still take advantage of your contributions!