Fix phantom payment bugs in Stripe payment type

[alecritson]

Three entangled bugs in the Stripe package allowed Stripe-side succeeded payments to leave no local trace, hiding double-charges from operators:

StripeManager::getCartIntentId referenced an undefined $cartModel variable, silently breaking the legacy cart meta payment_intent fallback (the null-coalesce always fell through).

StripePaymentType::authorize retrieved the Stripe PaymentIntent after attempting cart->createOrder(). When createOrder threw a CartException (e.g. abandoned cart with no addresses), the catch returned a failure DTO without ever syncing the PI status from Stripe, leaving lunar_stripe_payment_intents.status null for a row whose charge had already succeeded server-side. No transaction, no failed_jobs entry, no operator visibility.

StripePaymentIntent::scopeActive was correct, but because the status was never written for the orphan case above, succeeded PIs continued to look "active" in queries and were re-fetched by getCartIntentId on subsequent requests.

Reorder authorize() so the PaymentIntent is retrieved and its status persisted to the local row before any order work is attempted. When createOrder fails on a Stripe-side succeeded PI, mark the row processed_at and dispatch a new OrphanedPaymentIntentDetected event so operators can reconcile. Non-succeeded PI failures keep their existing failure-DTO behaviour but now also leave a correct local status.

Tests cover the legacy meta lookup, both branches of the order-fail path, and the active-scope contract.