feat(101-01): lock local checkout session contract

- reject persisted local checkout sessions for non-braintree processors
- document portal base URL as the required absolute host for local portal URLs

Author: szTheory

accrue/lib/accrue/checkout/local_session.ex

@@ -49,11 +49,14 @@ defmodule Accrue.Checkout.LocalSession do
     status price_id
   ]a
 
+  @processors ["braintree"]
+
   @spec changeset(t(), map()) :: Ecto.Changeset.t()
   def changeset(session, attrs \\ %{}) do
     session
     |> cast(attrs, @cast_fields)
     |> validate_required(@required_fields)
+    |> validate_inclusion(:processor, @processors, message: "must be braintree")
     |> foreign_key_constraint(:customer_id)
     |> unique_constraint(:session_token)
     |> unique_constraint(:operation_id)

accrue/lib/accrue/config.ex

@@ -167,8 +167,10 @@ defmodule Accrue.Config do
       type: {:or, [:string, nil]},
       default: nil,
       doc:
-        "Optional absolute base URL (for example `https://app.example.com`) " <>
-          "required for returned local portal checkout and billing-portal URLs."
+        "Absolute base URL (for example `https://app.example.com`) used to " <>
+          "generate returned local portal checkout and billing-portal URLs. " <>
+          "Leave unset only when those local portal URLs are not in use; " <>
+          "`portal_url/1` raises instead of falling back to a relative path."
     ],
     braintree_client_token_generator: [
       type: :atom,