fix: add auth markers to shop endpoints (AUTH-004)

Mark shop endpoints with appropriate auth context:
- messages.py: # authenticated (customer auth + vendor context)
- orders.py: # authenticated (customer auth + vendor context)
- content_pages.py: # public (uses middleware vendor context)

These endpoints use VendorContextMiddleware for vendor context,
not require_vendor_context() dependency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/shop/orders.py

@@ -32,7 +32,7 @@ router = APIRouter()
 logger = logging.getLogger(__name__)
 
 
-@router.post("/orders", response_model=OrderResponse)
+@router.post("/orders", response_model=OrderResponse)  # authenticated
 def place_order(
     request: Request,
     order_data: OrderCreate,