fix: make module settings GET endpoint public

- Shop page and other customer pages need to read module settings
- Settings are non-sensitive configuration values (e.g. wishlist display)
- POST endpoint remains admin-only for security
- Fixes 401 errors on shop page for /modules/wishlist/settings

includes/Api/ModuleSettingsController.php

@@ -32,12 +32,12 @@ class ModuleSettingsController extends WP_REST_Controller {
      * Register routes
      */
     public function register_routes() {
-        // GET /woonoow/v1/modules/{module_id}/settings
+        // GET /woonoow/v1/modules/{module_id}/settings (public - needed by frontend)
         register_rest_route($this->namespace, '/' . $this->rest_base . '/(?P<module_id>[a-zA-Z0-9_-]+)/settings', [
             [
                 'methods' => WP_REST_Server::READABLE,
                 'callback' => [$this, 'get_settings'],
-                'permission_callback' => [$this, 'check_permission'],
+                'permission_callback' => '__return_true', // Public: settings are non-sensitive, needed by customer pages
                 'args' => [
                     'module_id' => [
                         'required' => true,