Remove capabilities e.g. 'read' from WordPress.WP.Capabilities #2399

Closed
1 task
kkmuffme opened this issue Oct 24, 2023 · 1 comment

@kkmuffme

Is your feature request related to a problem?

Checking 'read' capability is technically correct, however practically this doesn't make particular sense, since this is a permission all users have.
I'd like to be able to remove this capability from the rule via config, as most likely this current_user_can check is not safe enough.

Describe the solution you'd like

Config to remove default WP capabilities or remove it by default

Additional context (optional)

  • I intend to create a pull request to implement this feature.
@jrfnl
Member

jrfnl commented Aug 20, 2024

Closing as the WordPress.WP.Capabilities is not about whether the right capability is used in specific circumstances, but about making sure that capabilities are used which are not deprecated and are not roles.

Making the capabilities configurable would break the principle of this sniff and is therefore not on the table.

I can imagine a (new) sniff which checks that a minimum capability is used in combination with certain functions, but that's a completely different request and would need a lot of bike shedding to even get a viable outline on which to base the sniff.

jrfnl closed this as not planned on Aug 20, 2024