refactor: decompose rule decoders, and refactor permission decoding

[jeffsmale90]

Explanation

Refactor of permission decoding logic in order to:

• clarify terminology (decoders rather than rules - rule is a highly overloaded term)
• make rule (as in 7155 rules) more composable, rather than inherently part of the decoding process
• prepare the permission decoders for potential decomposition into a separate package
  no functional change, therefore no changelog required

References

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Refactors the core permission identification/decoding path (rule matching, validation, and reconstructed output), so subtle mismatches in enforcer selection or rule extraction could change which permission type is detected or what rules/expiry are returned.

Overview
Refactors permission decoding to use permission decoders (terminology change from “rules”) and removes the old decodePermission/rules implementation, including findRuleWithMatchingCaveatAddresses.

Decoding is now driven by createPermissionDecodersForContracts + findDecodersWithMatchingCaveatAddresses and disambiguation via selectUniqueDecoderAndDecodedPermission, with rule extraction split into composable RuleDecoders (new expiry, redeemer, and native/ERC20 payee decoders).

Adds EXECUTION_PERMISSION_EXPIRY_RULE_TYPE and updates tests to reflect the new decoder APIs and to assert the new rule decoding behavior (including emitting an expiry rule and hoisting its timestamp to top-level expiry).

^{Reviewed by Cursor Bugbot for commit f097d31. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit f94844b. Configure here.}

[mj-kiwi]

Only minor comment tweaks, otherwise LGTM.

[mj-kiwi]

I think the return type should be Rule | null

[mj-kiwi]

I think the return type should be Rule | null

[mj-kiwi]

I think the return type should be Rule | null

[mj-kiwi]

I think the address and signer fields that don't exist — the actual output uses from and to. Also omits origin and rules fields.

[jeffsmale90]

👍 I removed that entire section of the comment as I think it's unnecessary, given we document the return type

[mj-kiwi]

RedeemerEnforcer, AllowedCalldataEnforcer, and AllowedTargetsEnforcer are also optional.

[jeffsmale90]

I'm removing this function in it's entirety as it's no longer used.

[mj-kiwi]

LGTM. Just wondering if we should note this breaking change in the changelog.