feat: add SQL query tool, platform debug, loyalty settings, and multi-module improvements

- Add admin SQL query tool with saved queries, schema explorer presets,
  and collapsible category sections (dev_tools module)
- Add platform debug tool for admin diagnostics
- Add loyalty settings page with owner-only access control
- Fix loyalty settings owner check (use currentUser instead of window.__userData)
- Replace HTTPException with AuthorizationException in loyalty routes
- Expand loyalty module with PIN service, Apple Wallet, program management
- Improve store login with platform detection and multi-platform support
- Update billing feature gates and subscription services
- Add store platform sync improvements and remove is_primary column
- Add unit tests for loyalty (PIN, points, stamps, program services)
- Update i18n translations across dev_tools locales

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/loyalty/services/pin_service.py

@@ -291,9 +291,8 @@ class PinService:
 
                 return pin
 
-        # No match found - record failed attempt on all unlocked PINs
-        # This is a simplified approach; in production you might want to
-        # track which PIN was attempted based on additional context
+        # No match found - record failed attempt on the first unlocked PIN only
+        # This limits blast radius to 1 lockout instead of N
         locked_pin = None
         remaining = None
 
@@ -306,7 +305,8 @@ class PinService:
                 if is_now_locked:
                     locked_pin = pin
                 else:
-                    remaining = pin.remaining_attempts
+                    remaining = max(0, config.pin_max_failed_attempts - pin.failed_attempts)
+                break  # Only record on the first unlocked PIN
 
         db.commit()