refactor(modules): marketplace install flow with checksum validation

Rewires module installation to use slug + version + checksum_sha256 instead of the opaque module identifier. ModuleInstaller splits marketplace token handling out of install() into helpers, adopts structured error responses, and validates the downloaded archive's SHA-256 against the marketplace manifest before unpacking.

ModuleResource is simplified to accept an already-loaded installed-module instance rather than fetching it from state, exposes access_tier and checksum fields, and drops the auto-disable-on-unpurchased side effect that was bleeding write logic into a read resource. UnzipUpdateRequest accepts a nullable module with a conditional module_name field so the same endpoint serves both app and module updates.

ModulesPolicy::manageModules now short-circuits for super-admins so administration flows (token validation, store state) are not blocked on a company-scoped ability. Two new feature tests cover both the authorization bypass and ModuleResource serialization.

app/Http/Requests/UnzipUpdateRequest.php

@@ -25,7 +25,11 @@ class UnzipUpdateRequest extends FormRequest
                 'regex:/^[\.\/\w\-]+$/',
             ],
             'module' => [
-                'required',
+                'nullable',
+                'string',
+            ],
+            'module_name' => [
+                'required_without:module',
                 'string',
             ],
         ];