feat(arch): implement soft delete for business-critical models

Adds SoftDeleteMixin (deleted_at + deleted_by_id) with automatic query
filtering via do_orm_execute event. Soft-deleted records are invisible
by default; bypass with execution_options={"include_deleted": True}.

Models: User, Merchant, Store, StoreUser, Customer, Order, Product,
LoyaltyProgram, LoyaltyCard.

Infrastructure:
- SoftDeleteMixin in models/database/base.py
- Auto query filter registered on SessionLocal and test sessions
- soft_delete(), restore(), soft_delete_cascade() in app/core/soft_delete.py
- Alembic migration adding columns to 9 tables
- Partial unique indexes on users.email/username, stores.store_code/subdomain

Service changes:
- admin_service: delete_user, delete_store → soft_delete/soft_delete_cascade
- merchant_service: delete_merchant → soft_delete_cascade (stores→children)
- store_team_service: remove_team_member → soft_delete (fixes is_active bug)
- product_service: delete_product → soft_delete
- program_service: delete_program → soft_delete_cascade

Admin API:
- include_deleted/only_deleted query params on admin list endpoints
- PUT restore endpoints for users, merchants, stores

Tests: 9 unit tests for soft-delete infrastructure.
Docs: docs/backend/soft-delete.md + follow-up proposals.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/modules/tenancy/routes/api/admin_merchants.py

@@ -124,6 +124,8 @@ def get_all_merchants(
     search: str | None = Query(None, description="Search by merchant name"),
     is_active: bool | None = Query(None),
     is_verified: bool | None = Query(None),
+    include_deleted: bool = Query(False, description="Include soft-deleted merchants"),
+    only_deleted: bool = Query(False, description="Show only soft-deleted merchants (trash view)"),
     db: Session = Depends(get_db),
     current_admin: UserContext = Depends(get_current_admin_api),
 ):
@@ -135,6 +137,8 @@ def get_all_merchants(
         search=search,
         is_active=is_active,
         is_verified=is_verified,
+        include_deleted=include_deleted,
+        only_deleted=only_deleted,
     )
 
     return MerchantListResponse(
@@ -403,3 +407,24 @@ def delete_merchant(
     db.commit()  # ✅ ARCH: Commit at API level for transaction control
 
     return {"message": f"Merchant {merchant_id} deleted successfully"}
+
+
+@admin_merchants_router.put("/{merchant_id}/restore")
+def restore_merchant(
+    merchant_id: int = Path(..., description="Merchant ID"),
+    db: Session = Depends(get_db),
+    current_admin: UserContext = Depends(get_current_admin_api),
+):
+    """
+    Restore a soft-deleted merchant (Admin only).
+
+    This only restores the merchant record itself.
+    Stores and their children must be restored separately.
+    """
+    from app.core.soft_delete import restore
+    from app.modules.tenancy.models import Merchant
+
+    restored = restore(db, Merchant, merchant_id, restored_by_id=current_admin.id)
+    db.commit()
+    logger.info(f"Merchant {merchant_id} restored by admin {current_admin.username}")
+    return {"message": f"Merchant '{restored.name}' restored successfully", "merchant_id": merchant_id}