OnSched API 3.7.2 - controller error status and correctness fixes

API

API controllers now use typed error responses for invalid payloads, missing records, external integration failures, and unsupported external calendar states.
POST /v3/customer: Duplicate customer email attempts now return 409 Conflict instead of a generic server error.

PUT /v3/appointment/{id}/cancel: Cancels now require write access to the authenticated company appointment and no longer allow a request scoped to one company to cancel another company's appointment.
PUT /v3/appointment/{id}/reschedule: Successful reschedule audit events are keyed to the new appointment ID so GET /v3/appointment/{newId}/audit returns the success event.
GET /v3/appointments: Date-only from / to filters now use the shared resource timezone when resourceIds are supplied without a locationId and all matching resources share one timezone.

GET / PUT / DELETE / regenerateAuthUrl on /v3/resource/{id}/externalCalendar/{externalCalendarId}: The path resource must belong to the authenticated company, and the external calendar must belong to that resource.
GET /v3/resource/{id}/externalCalendars/list: Pending OAuth shells are ignored when inferring the connected provider, and connected rows with refresh tokens are preferred.
DELETE /v3/resource/{id}/externalCalendar/{externalCalendarId}: Disconnecting a provider removes only sibling calendar rows that share the revoked refresh token instead of removing unrelated provider connections on the same resource.