Move authentication check into assertCan() method

This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.

src/Group/Command/CreateGroupHandler.php

@@ -49,7 +49,6 @@ class CreateGroupHandler
         $actor = $command->actor;
         $data = $command->data;
 
-        $this->assertRegistered($actor);
         $this->assertCan($actor, 'createGroup');
 
         $group = Group::build(