feat(api): .NET 10 multi-tenant REST API

Full backend implementation:
- Multi-tenant cafe/restaurant management (menus, orders, tables, staff)
- POS order flow with ZarinPal and Snappfood payment integration
- OTP authentication via Kavenegar SMS
- QR digital menu with public discover/finder endpoints
- Customer loyalty, coupons, CRM
- PostgreSQL via EF Core, Redis for caching/sessions
- Background jobs, webhook handlers
- Full migration history

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

src/Meezi.API/Controllers/TerminalsController.cs

@@ -0,0 +1,55 @@
+using Microsoft.AspNetCore.Mvc;
+using Meezi.Core.Constants;
+using Meezi.Core.Enums;
+using Meezi.Core.Interfaces;
+using Meezi.API.Services;
+using Meezi.Shared;
+
+namespace Meezi.API.Controllers;
+
+[Route("api/cafes/{cafeId}/terminals")]
+public class TerminalsController : CafeApiControllerBase
+{
+    private readonly ITerminalRegistryService _terminals;
+
+    public TerminalsController(ITerminalRegistryService terminals) => _terminals = terminals;
+
+    [HttpPost("register")]
+    public async Task<IActionResult> Register(
+        string cafeId,
+        [FromBody] RegisterTerminalRequest request,
+        ITenantContext tenant,
+        CancellationToken ct)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        var tier = tenant.PlanTier ?? PlanTier.Free;
+        var (allowed, code, message) = await _terminals.RegisterAsync(cafeId, tier, request.TerminalId, ct);
+        if (!allowed)
+            return StatusCode(403, new ApiResponse<object>(false, null, new ApiError(code!, message!)));
+
+        return Ok(new ApiResponse<object>(true, new { registered = true }));
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> List(string cafeId, ITenantContext tenant, CancellationToken ct)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        var list = await _terminals.ListAsync(cafeId, ct);
+        var max = PlanLimits.MaxTerminals(tenant.PlanTier ?? PlanTier.Free);
+        return Ok(new ApiResponse<object>(true, new { terminals = list, max }));
+    }
+
+    [HttpDelete("{terminalId}")]
+    public async Task<IActionResult> Revoke(
+        string cafeId,
+        string terminalId,
+        ITenantContext tenant,
+        CancellationToken ct)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        await _terminals.RevokeAsync(cafeId, terminalId, ct);
+        return Ok(new ApiResponse<object>(true, new { revoked = true }));
+    }
+}
+
+public record RegisterTerminalRequest(string TerminalId);