Membership signup verifies the card before email verification, so the
signup-bridge cookie set by /api/helcim/customer now satisfies auth in
verify-payment when no session exists. Adds a cloudflared tunnel script
for testing the Helcim flow locally against a production build.
