fix(promo-codes): prevent partial-reservation leak on mid-loop failure

Codex audit of ad113d5 caught a real BUG. Saga::run() at
SummitOrderService.php:131-134 only calls markAsRan() AFTER a task's
run() returns. If reserveMemberQuotas() succeeds for code A and then
throws on code B, the exception propagates before PreProcessReservationTask
is in $already_run_tasks, so saga abort() never invokes this task's
undo() — leaking code A's counter increment on the durable reservation
row.

Guard reserveMemberQuotas() with a local try/catch in run() that calls
$this->undo() (idempotent via the $undone flag) before rethrowing, so
any partial progress is released whether or not the saga reaches us.

Found by Codex review, patch as proposed.

Author: caseylocker

app/Services/Model/Imp/SummitOrderService.php

@@ -1151,7 +1151,17 @@ public function run(array $formerState): array
             }
         }
 
-        $this->reserveMemberQuotas($promo_codes_usage);
+        // Saga::run() only marks a task as "ran" AFTER run() returns. If
+        // reserveMemberQuotas() succeeds for code A then throws on code B,
+        // the exception propagates before markAsRan(), so saga abort()
+        // never calls this task's undo() — leaking code A's reservation.
+        // Guard by running our own undo locally before rethrowing.
+        try {
+            $this->reserveMemberQuotas($promo_codes_usage);
+        } catch (\Exception $ex) {
+            $this->undo();
+            throw $ex;
+        }
 
         return [
             "reservations" => $reservations,