Add live Stripe card charges (PaymentIntent + Elements + webhook)

Completes the deferred half of payments: real credit-card processing on
top of the existing ledger/e-transfer/comp foundation.

- StripeGateway wraps stripe/stripe-php: creates idempotent PaymentIntents
  (amount in cents, registration ids in metadata) and verifies webhook
  signatures. Stripe calls sit behind protected seams for unit testing.
- PaymentService::createIntent resolves the client-side step for a new
  registration (card → client secret; e-transfer → display data; comp →
  none) with caller-ownership enforcement.
- PaymentService::handleWebhook finalises a payment exactly once on
  payment_intent.succeeded (mark paid → confirm → receipt) and marks it
  failed on payment_intent.payment_failed.
- PaymentEndpoint: POST /payments/intent (book_lesson) and public,
  signature-verified POST /payments/webhook.
- PaymentRepository: setStripeIntentId / findByStripeIntentId.
- StudioSettings: us_stripe_webhook_secret option, with the webhook URL
  and required events surfaced on the settings page.
- Front end: shared payment.js mounts Stripe Payment Elements and confirms
  the card (or shows e-transfer instructions); Stripe.js enqueued only when
  configured. Wired into booking and group-class flows.

Tests: new StripeGatewayTest; PaymentService card-intent + webhook cases;
repository coverage. composer test/lint/cs all green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

src/Payment/StudioSettings.php

@@ -9,6 +9,7 @@ class StudioSettings {
 
 	public const OPT_PUBLISHABLE     = 'us_stripe_publishable_key';
 	public const OPT_SECRET          = 'us_stripe_secret_key';
+	public const OPT_WEBHOOK_SECRET  = 'us_stripe_webhook_secret';
 	public const OPT_MODE            = 'us_stripe_mode';
 	public const OPT_CURRENCY        = 'us_currency';
 	public const OPT_ETRANSFER_EMAIL = 'us_etransfer_email';
@@ -22,6 +23,14 @@ class StudioSettings {
 		return (string) get_option( self::OPT_SECRET, '' );
 	}
 
+	/**
+	 * The Stripe webhook signing secret (`whsec_…`) used to verify that incoming
+	 * webhook requests genuinely came from Stripe. Empty until configured.
+	 */
+	public function webhookSecret(): string {
+		return (string) get_option( self::OPT_WEBHOOK_SECRET, '' );
+	}
+
 	public function mode(): string {
 		return 'live' === get_option( self::OPT_MODE, 'test' ) ? 'live' : 'test';
 	}
@@ -66,6 +75,8 @@ class StudioSettings {
 
 		$publishableKey   = $this->publishableKey();
 		$secretKey        = $this->secretKey();
+		$webhookSecret    = $this->webhookSecret();
+		$webhookUrl       = rest_url( 'us-scheduler/v1/payments/webhook' );
 		$mode             = $this->mode();
 		$currency         = $this->currency();
 		$etransferEmail   = $this->etransferEmail();
@@ -81,6 +92,7 @@ class StudioSettings {
 		$mode = sanitize_key( wp_unslash( $_POST['mode'] ?? 'test' ) );
 		update_option( self::OPT_PUBLISHABLE, sanitize_text_field( wp_unslash( $_POST['publishable_key'] ?? '' ) ) );
 		update_option( self::OPT_SECRET, sanitize_text_field( wp_unslash( $_POST['secret_key'] ?? '' ) ) );
+		update_option( self::OPT_WEBHOOK_SECRET, sanitize_text_field( wp_unslash( $_POST['webhook_secret'] ?? '' ) ) );
 		update_option( self::OPT_MODE, 'live' === $mode ? 'live' : 'test' );
 		update_option( self::OPT_CURRENCY, strtoupper( sanitize_text_field( wp_unslash( $_POST['currency'] ?? 'CAD' ) ) ) );
 		update_option( self::OPT_ETRANSFER_EMAIL, sanitize_email( wp_unslash( $_POST['etransfer_email'] ?? '' ) ) );