refactor: remove legacy /shop and /api/v1/shop dead code

After the storefront migration, no live routes mount under /api/v1/shop/.
Remove all dead code that detected/handled shop API requests: the
is_shop_api_request() method, the shop API dispatch branch in middleware,
the RequestContext.SHOP enum member (renamed to STOREFRONT), legacy path
prefixes in FrontendDetector, and all associated tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/api/deps.py

@@ -20,19 +20,19 @@ MERCHANT ROUTES (/merchants/*):
 - Role: store (merchant owners are store-role users who own merchants)
 - Validates: User owns the merchant via Merchant.owner_user_id
 
-CUSTOMER/SHOP ROUTES (/shop/account/*):
-- Cookie: customer_token (path=/shop) OR Authorization header
+CUSTOMER/STOREFRONT ROUTES (/storefront/account/*):
+- Cookie: customer_token (path=/storefront) OR Authorization header
 - Role: customer only
 - Blocks: admins, stores
-- Note: Public shop pages (/shop/products, etc.) don't require auth
+- Note: Public storefront pages (/storefront/products, etc.) don't require auth
 
 This dual authentication approach supports:
 - HTML pages: Use cookies (automatic browser behavior)
 - API calls: Use Authorization headers (explicit JavaScript control)
 
 The cookie path restrictions prevent cross-context cookie leakage:
-- admin_token is NEVER sent to /store/* or /shop/*
-- store_token is NEVER sent to /admin/* or /shop/*
+- admin_token is NEVER sent to /store/* or /storefront/*
+- store_token is NEVER sent to /admin/* or /storefront/*
 - customer_token is NEVER sent to /admin/* or /store/*
 """
 
@@ -1019,7 +1019,7 @@ def get_merchant_for_current_user_page(
 
 
 # ============================================================================
-# CUSTOMER AUTHENTICATION (SHOP)
+# CUSTOMER AUTHENTICATION (STOREFRONT)
 # ============================================================================
 
 
@@ -1095,7 +1095,7 @@ def _validate_customer_token(token: str, request: Request, db: Session):
         raise InvalidTokenException("Customer account is inactive")
 
     # Validate store context matches token
-    # This prevents using a customer token from store A on store B's shop
+    # This prevents using a customer token from store A on store B's storefront
     request_store = getattr(request.state, "store", None)
     if request_store and token_store_id:
         if request_store.id != token_store_id:
@@ -1123,8 +1123,8 @@ def get_current_customer_from_cookie_or_header(
     """
     Get current customer from customer_token cookie or Authorization header.
 
-    Used for shop account HTML pages (/shop/account/*) that need cookie-based auth.
-    Note: Public shop pages (/shop/products, etc.) don't use this dependency.
+    Used for storefront account HTML pages (/storefront/account/*) that need cookie-based auth.
+    Note: Public storefront pages (/storefront/products, etc.) don't use this dependency.
 
     Validates that token store_id matches request store (URL-based detection).
 
@@ -1164,7 +1164,7 @@ def get_current_customer_api(
     """
     Get current customer from Authorization header ONLY.
 
-    Used for shop API endpoints that should not accept cookies.
+    Used for storefront API endpoints that should not accept cookies.
     Validates that token store_id matches request store (URL-based detection).
 
     Args: