feat: Add product images support with WP Media Library integration

- Add WP Media Library integration for product and variation images
- Support images array (URLs) conversion to attachment IDs
- Add images array to API responses (Admin & Customer SPA)
- Implement drag-and-drop sortable images in Admin product form
- Add image gallery thumbnails in Customer SPA product page
- Initialize WooCommerce session for guest cart operations
- Fix product variations and attributes display in Customer SPA
- Add variation image field in Admin SPA

Changes:
- includes/Api/ProductsController.php: Handle images array, add to responses
- includes/Frontend/ShopController.php: Add images array for customer SPA
- includes/Frontend/CartController.php: Initialize WC session for guests
- admin-spa/src/lib/wp-media.ts: Add openWPMediaGallery function
- admin-spa/src/routes/Products/partials/tabs/GeneralTab.tsx: WP Media + sortable images
- admin-spa/src/routes/Products/partials/tabs/VariationsTab.tsx: Add variation image field
- customer-spa/src/pages/Product/index.tsx: Add gallery thumbnails display

API_ROUTES.md

@@ -249,14 +249,89 @@ CustomersApi.search(query)  → GET /customers/search
 4. **Update this document** - Add new routes to registry
 5. **Test for conflicts** - Use testing methods above
 
+### Frontend Module (Customer-Facing) ✅ IMPLEMENTED
+
+#### **ShopController.php**
+```
+GET    /shop/products              # List products (public)
+GET    /shop/products/{id}         # Get single product (public)
+GET    /shop/categories            # List categories (public)
+GET    /shop/search                # Search products (public)
+```
+
+**Implementation Details:**
+- **List:** Supports pagination, category filter, search, orderby
+- **Single:** Returns detailed product info (variations, gallery, related products)
+- **Categories:** Returns categories with images and product count
+- **Search:** Lightweight product search (max 10 results)
+
+#### **CartController.php**
+```
+GET    /cart                       # Get cart contents
+POST   /cart/add                   # Add item to cart
+POST   /cart/update                # Update cart item quantity
+POST   /cart/remove                # Remove item from cart
+POST   /cart/apply-coupon          # Apply coupon to cart
+POST   /cart/remove-coupon         # Remove coupon from cart
+```
+
+**Implementation Details:**
+- Uses WooCommerce cart session
+- Returns full cart data (items, totals, coupons)
+- Public endpoints (no auth required)
+- Validates product existence before adding
+
+#### **AccountController.php**
+```
+GET    /account/orders             # Get customer orders (auth required)
+GET    /account/orders/{id}        # Get single order (auth required)
+GET    /account/profile            # Get customer profile (auth required)
+POST   /account/profile            # Update profile (auth required)
+POST   /account/password           # Update password (auth required)
+GET    /account/addresses          # Get addresses (auth required)
+POST   /account/addresses          # Update addresses (auth required)
+GET    /account/downloads          # Get digital downloads (auth required)
+```
+
+**Implementation Details:**
+- All endpoints require `is_user_logged_in()`
+- Order endpoints verify customer owns the order
+- Profile/address updates use WC_Customer class
+- Password update verifies current password
+
+**Note:**
+- Frontend routes are customer-facing (public or logged-in users)
+- Admin routes (ProductsController, OrdersController) are admin-only
+- No conflicts because frontend uses `/shop`, `/cart`, `/account` prefixes
+
+### WooCommerce Hook Bridge
+
+### Get Hooks for Context
+- **GET** `/woonoow/v1/hooks/{context}`
+- **Purpose:** Capture and return WooCommerce action hook output for compatibility with plugins
+- **Parameters:**
+  - `context` (required): 'product', 'shop', 'cart', or 'checkout'
+  - `product_id` (optional): Product ID for product context
+- **Response:** `{ success: true, context: string, hooks: { hook_name: html_output } }`
+- **Example:** `/woonoow/v1/hooks/product?product_id=123`
+
+---
+
+## Customer-Facing Frontend Routes are customer-facing (public or logged-in users)
+- Admin routes (ProductsController, OrdersController) are admin-only
+- No conflicts because frontend uses `/shop`, `/cart`, `/account` prefixes
+
 ### Reserved Routes (Do Not Use):
 ```
-/products          # ProductsController
-/orders            # OrdersController
-/customers         # CustomersController (future)
-/coupons           # CouponsController (future)
-/settings          # SettingsController
-/analytics         # AnalyticsController
+/products          # ProductsController (admin)
+/orders            # OrdersController (admin)
+/customers         # CustomersController (admin)
+/coupons           # CouponsController (admin)
+/settings          # SettingsController (admin)
+/analytics         # AnalyticsController (admin)
+/shop              # ShopController (customer)
+/cart              # CartController (customer)
+/account           # AccountController (customer)
 ```
 
 ### Safe Action Routes: