fix: resolve 3 code review issues in allow_user_refund

1. PrepareRefund: block refund on provider instance lookup failure
   instead of silently skipping permission check (medium severity)

2. UpdateProviderInstance: allow enabling refund_enabled and
   allow_user_refund in the same request by checking req.RefundEnabled
   value before falling back to DB read

3. ExecuteRefund: only revoke subscription on ErrAdjustWouldExpire,
   abort on other errors (DB failure, not found) instead of
   unconditionally revoking

backend/internal/service/payment_config_providers.go

@@ -231,10 +231,18 @@ func (s *PaymentConfigService) UpdateProviderInstance(ctx context.Context, id in
 		}
 	}
 	if req.AllowUserRefund != nil {
-		// Only allow enabling when refund_enabled is true
+		// Only allow enabling when refund_enabled is (or will be) true
 		if *req.AllowUserRefund {
-			inst, err := s.entClient.PaymentProviderInstance.Get(ctx, id)
-			if err == nil && inst.RefundEnabled {
+			refundEnabled := false
+			if req.RefundEnabled != nil {
+				refundEnabled = *req.RefundEnabled
+			} else {
+				inst, err := s.entClient.PaymentProviderInstance.Get(ctx, id)
+				if err == nil {
+					refundEnabled = inst.RefundEnabled
+				}
+			}
+			if refundEnabled {
 				u.SetAllowUserRefund(true)
 			}
 		} else {