Validate order products against catalog

[fuzziecoder]

Title

fix: enforce catalog integrity for order item creation
 
Body
Order items currently accept arbitrary name and unitPrice. Validate productId against catalog and compute trusted values server-side.
 
Acceptance Criteria

• Unknown productId is rejected.
• Backend derives item name/price from catalog.
• Client-provided price cannot override catalog value.

[dharapandya85]

Please assign me this issue.