feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes

Security:
- Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps
- Add PIN ownership verification to update/delete/unlock store routes
- Gate adjust_points endpoint to merchant_owner role only

Data integrity:
- Track total_points_voided in void_points
- Add order_reference idempotency guard in earn_points

Correctness:
- Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter
- Add StorefrontProgramResponse excluding wallet IDs from public API
- Add bounds (±100000) to PointsAdjustRequest.points_delta

Audit & config:
- Add CARD_REACTIVATED transaction type with audit record
- Improve admin audit logging with actor identity and old values
- Use merchant-specific PIN lockout settings with global fallback
- Guard MerchantLoyaltySettings creation with get_or_create pattern

Tests: 27 new tests (265 total) covering all 12 items — unit and integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/loyalty/routes/api/storefront.py

@@ -24,6 +24,7 @@ from app.modules.loyalty.schemas import (
     CardResponse,
     ProgramResponse,
 )
+from app.modules.loyalty.schemas.program import StorefrontProgramResponse
 from app.modules.loyalty.services import card_service, program_service, wallet_service
 from app.modules.tenancy.exceptions import StoreNotFoundException
 from middleware.decorators import rate_limit
@@ -55,7 +56,7 @@ def get_program_info(
     if not program:
         return None
 
-    response = ProgramResponse.model_validate(program)
+    response = StorefrontProgramResponse.model_validate(program)
     response.is_stamps_enabled = program.is_stamps_enabled
     response.is_points_enabled = program.is_points_enabled
     response.display_name = program.display_name