fix: add auth markers to shop endpoints (AUTH-004)

Mark shop endpoints with appropriate auth context:
- messages.py: # authenticated (customer auth + vendor context)
- orders.py: # authenticated (customer auth + vendor context)
- content_pages.py: # public (uses middleware vendor context)

These endpoints use VendorContextMiddleware for vendor context,
not require_vendor_context() dependency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/shop/content_pages.py

@@ -51,7 +51,7 @@ class ContentPageListItem(BaseModel):
 # ============================================================================
 
 
-@router.get("/navigation", response_model=list[ContentPageListItem])
+@router.get("/navigation", response_model=list[ContentPageListItem])  # public
 def get_navigation_pages(request: Request, db: Session = Depends(get_db)):
     """
     Get list of content pages for navigation (footer/header).

app/api/v1/shop/messages.py

@@ -60,7 +60,7 @@ class SendMessageResponse(BaseModel):
 # ============================================================================
 
 
-@router.get("/messages", response_model=ConversationListResponse)
+@router.get("/messages", response_model=ConversationListResponse)  # authenticated
 def list_conversations(
     request: Request,
     skip: int = Query(0, ge=0),

app/api/v1/shop/orders.py

@@ -32,7 +32,7 @@ router = APIRouter()
 logger = logging.getLogger(__name__)
 
 
-@router.post("/orders", response_model=OrderResponse)
+@router.post("/orders", response_model=OrderResponse)  # authenticated
 def place_order(
     request: Request,
     order_data: OrderCreate,