refactor: extract cart storage to dedicated API controller with dynamic frontend URLs

- Added dedicated CartsController for session-based cart storage
- Refactored routes to use POST /api/v1/carts/store
- Updated ticket selection JS to use dynamic data attributes for URLs
- Fixed CSRF protection in API and checkout payment increment
- Made checkout button URLs dynamic via data attributes
- Updated tests for new cart storage endpoint
- Removed obsolete store_cart from EventsController

app/views/events/show.html.erb

@@ -135,8 +135,12 @@
               controller: "ticket-selection",
               ticket_selection_target: "form",
               ticket_selection_event_slug_value: @event.slug,
-              ticket_selection_event_id_value: @event.id
-            } do |form| %>
+    ticket_selection_event_id_value: @event.id,
+    ticket_selection_order_new_url_value: event_order_new_path(@event.slug, @event.id),
+    ticket_selection_store_cart_url_value: api_v1_store_cart_path,
+    ticket_selection_order_new_url_value: event_order_new_path(@event.slug, @event.id),
+    ticket_selection_store_cart_url_value: api_v1_store_cart_path
+  } do |form| %>
 
               <div class="bg-gradient-to-br from-purple-50 to-indigo-50 rounded-2xl border border-purple-100 p-6 shadow-sm">
                 <div class="flex justify-center sm:justify-start mb-6">