FRE-5398: Fix invoice endpoint customer IDOR (M-3)

- Make verifyCustomerOwnership public in BillingService
- Add ownership verification before fetching invoice history
- Returns 403 if customerId does not belong to authenticated user

Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/shared-billing/src/services/billing.service.ts

@@ -37,7 +37,7 @@ export class BillingService {
     }
   }
 
-  private async verifyCustomerOwnership(
+  async verifyCustomerOwnership(
     customerId: string,
     userId: string
   ): Promise<void> {