Avoid mass-assigning full Laravel request payloads
Eloquent writes should not use `$request->all()` or fully unguarded models for sensitive records.
#Metadata
#Why it matters
Raw request mass assignment lets attackers set privileged fields like role or account ownership.
#Remediation
Use validated DTO/request objects and explicit allowlists (`only`) for model writes, and avoid `$guarded = []` on sensitive models.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/php/php.security.laravel-unsafe-mass-assignment.rule.yaml.