fix(billing): resolve code-review findings (authz, cross-billing, validation, webhook integrity)

- C1/H4: rating cron only rates subs on the charge's own plan_id
- C1: _fc_rate_usage skips creating a line when amount is 0 (still updates existing)
- C2/C4: /usage authorizes each event (exists + is_subscription + linked customer)
- C3: API handlers validate input and return 4xx-shaped errors instead of raising;
       controller maps status=='error' to HTTP 400
- H1: cron uses real billing window [last_invoice_date or start_date, next_invoice_date)
- H2: _aggregate uses half-open window anchored on period_start
- H3: idempotency scoped to (subscription_id, metric_id, idempotency_key)
- H5: webhook stores canonical body, signs+POSTs it verbatim, adds X-Fusion-Event-Id,
       caps backoff at 2**min(attempts,10)
- H6: SSRF guard rejects non-https / localhost / private / link-local webhook_url
- M7: charge_model reduced to standard/package (dropped unimplemented graduated/volume)
- L1: currency_id required on charge + reconciliation
- L2: charge price non-negative + unit_batch positive DB constraints

Adds 17 regression tests (suite 22 -> 39, all green via fcb_test_on_trial.sh).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fusion_centralize_billing/controllers/api.py

@@ -56,7 +56,10 @@ class FusionBillingApi(http.Controller):
         payload = self._read_json()
         if payload is None:
             return self._json({"error": "invalid json"}, status=400)
-        return self._json(service._api_upsert_customer(payload))
+        result = service._api_upsert_customer(payload)
+        if result.get("status") == "error":
+            return self._json(result, status=400)
+        return self._json(result)
 
     @http.route(f"{API_BASE}/usage", type="http", auth="none", methods=["POST"], csrf=False)
     def post_usage(self, **kw):
@@ -66,7 +69,10 @@ class FusionBillingApi(http.Controller):
         payload = self._read_json()
         if payload is None:
             return self._json({"error": "invalid json"}, status=400)
-        return self._json(service._api_record_usage(payload), status=202)
+        result = service._api_record_usage(payload)
+        if result.get("status") == "error":
+            return self._json(result, status=400)
+        return self._json(result, status=202)
 
     @http.route(f"{API_BASE}/plans", type="http", auth="none", methods=["GET"], csrf=False)
     def get_plans(self, **kw):
@@ -83,4 +89,7 @@ class FusionBillingApi(http.Controller):
         payload = self._read_json()
         if payload is None:
             return self._json({"error": "invalid json"}, status=400)
-        return self._json(service._api_create_subscription(payload))
+        result = service._api_create_subscription(payload)
+        if result.get("status") == "error":
+            return self._json(result, status=400)
+        return self._json(result)