Remove usage of can? from base_policy

What does this MR do and why?

This MR is just a minor refactor to avoid the usage of can? in the base_policy.

I have an MR up for eventually enabling a cop that prevents the use of can? in policy files: !203916

The trusted_reader condition works because both the admin and auditor rules enable :read_all_resources