Add live Stripe card charges (PaymentIntent + Elements + webhook)

Completes the deferred half of payments: real credit-card processing on
top of the existing ledger/e-transfer/comp foundation.

- StripeGateway wraps stripe/stripe-php: creates idempotent PaymentIntents
  (amount in cents, registration ids in metadata) and verifies webhook
  signatures. Stripe calls sit behind protected seams for unit testing.
- PaymentService::createIntent resolves the client-side step for a new
  registration (card → client secret; e-transfer → display data; comp →
  none) with caller-ownership enforcement.
- PaymentService::handleWebhook finalises a payment exactly once on
  payment_intent.succeeded (mark paid → confirm → receipt) and marks it
  failed on payment_intent.payment_failed.
- PaymentEndpoint: POST /payments/intent (book_lesson) and public,
  signature-verified POST /payments/webhook.
- PaymentRepository: setStripeIntentId / findByStripeIntentId.
- StudioSettings: us_stripe_webhook_secret option, with the webhook URL
  and required events surfaced on the settings page.
- Front end: shared payment.js mounts Stripe Payment Elements and confirms
  the card (or shows e-transfer instructions); Stripe.js enqueued only when
  configured. Wired into booking and group-class flows.

Tests: new StripeGatewayTest; PaymentService card-intent + webhook cases;
repository coverage. composer test/lint/cs all green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

docs/features/payments.md

@@ -11,12 +11,13 @@ numbered receipt is emailed automatically when a payment is marked paid.
 
 > **Implemented:** the payment ledger, studio settings, method resolution
 > (e-transfer default with no Stripe; card default when configured; per-student
-> override), the e-transfer/comp flow with admin confirmation + receipts, and
+> override), the e-transfer/comp flow with admin confirmation + receipts,
 > integration into booking/enrolment (a registration's `payment_id` is linked;
-> comp auto-confirms; e-transfer stays pending until confirmed).
-> **Deferred to a follow-up:** the live Stripe card charge (PaymentIntent +
-> Stripe.js Elements + webhook + `stripe/stripe-php`). Until then a `card`
-> payment is created `pending` and can be confirmed like an e-transfer.
+> comp auto-confirms; e-transfer stays pending until confirmed), and the **live
+> Stripe card charge** — a PaymentIntent created on `POST /payments/intent`,
+> confirmed in the browser with Stripe.js Payment Elements, and finalised by the
+> `POST /payments/webhook` handler (signature-verified) on
+> `payment_intent.succeeded`. Uses the `stripe/stripe-php` SDK.
 
 ## Stripe Configuration
 Stripe credentials live in WordPress options, managed on the **Studio Settings**
@@ -26,6 +27,7 @@ page (`manage_billing`, studio admin only):
 |------------------------------|----------------------------------------|
 | `us_stripe_publishable_key`  | Stripe publishable key                 |
 | `us_stripe_secret_key`       | Stripe secret key                      |
+| `us_stripe_webhook_secret`   | Webhook signing secret (`whsec_…`)     |
 | `us_stripe_mode`             | `test` or `live`                       |
 | `us_currency`                | Default ISO 4217 currency, e.g. `CAD`  |
 | `us_etransfer_email`         | Studio-default e-transfer destination  |