feat(xerrors)!: promote to v1.0.0 — add Unauthorized and PermissionDenied constructors

Add Unauthorized and PermissionDenied convenience constructors to complete the
set of the five most-used error codes (InvalidInput, NotFound, Internal,
Unauthorized, PermissionDenied). All roadmap items from v0.9.0 resolved.
API committed as stable.

xerrors_test.go

@@ -70,6 +70,26 @@ func TestConvenienceConstructors(t *testing.T) {
 			t.Errorf("unexpected message: %s", err.message)
 		}
 	})
+
+	t.Run("Unauthorized", func(t *testing.T) {
+		err := Unauthorized("token expired for %s", "uid1")
+		if err.code != ErrUnauthorized {
+			t.Errorf("expected code %s, got %s", ErrUnauthorized, err.code)
+		}
+		if err.message != "token expired for uid1" {
+			t.Errorf("unexpected message: %s", err.message)
+		}
+	})
+
+	t.Run("PermissionDenied", func(t *testing.T) {
+		err := PermissionDenied("role %s cannot delete", "viewer")
+		if err.code != ErrPermissionDenied {
+			t.Errorf("expected code %s, got %s", ErrPermissionDenied, err.code)
+		}
+		if err.message != "role viewer cannot delete" {
+			t.Errorf("unexpected message: %s", err.message)
+		}
+	})
 }
 
 func TestErr_Error(t *testing.T) {