ORDER-560 - Retrieve paginated list of commercial orders

Returns the paginated list of commercial orders for the caller.

    **User scoping**<br>
    - Only `ACCOUNT` clients are allowed for this front-office route.<br><br>

    **Store scoping**<br>
    - Effective store is the `dj-store` header if provided, otherwise the tenant default store.<br>
    - The caller must belong to the effective store; otherwise 403.<br><br>

    **Visibility**<br>
    - Results are limited to the caller’s authorised perimeter (store membership + role).<br><br>

    **Locales**<br>
    - `locale` (IETF BCP 47) is **required** and drives label localisation in the response.<br><br>

    **Scope**<br>
    - Returns **commercial order headers** with snapshots and price summaries (no full logistic detail).<br>
    - Each item includes `sourceType` and `sourceId` so the client can report/filter by order source (e.g., Operation).<br>
    - Logistic details may be partially included via `nbPreviewLines`.<br><br>

    **Filters**<br>
    - AND between different keys; OR between values of the same key. Unknown values are ignored; empty lists mean no filter.<br>
    - Supported server-side filters: `connectedUserOnly`, `customerAccountIds`, `isValidated`, `nbPreviewLines`.<br><br>

    **Sorting**<br>
    - Server-side sorting uses `sort=field:direction`. Multiple criteria supported (comma-separated).<br>
    - Supported fields: `createdAt`, `validatedAt`, `updatedAt`, `sourceType`, `sourceId`, `totalPriceWithTax`, `productCount`, `lineCount`, `reference`.<br>
    - Default: `createdAt:desc` **then** `reference:asc` as tie-breaker for stability.<br>
    - Invalid/malformed sort entries are **silently ignored**; valid ones are still applied.<br>
    - When sorting by `reference`, collation is case-insensitive and locale-aware.<br><br>

n Errors
- 401 Unauthorized (missing/invalid token). 403 Forbidden (role or store not allowed). Other errors follow Djust’s error catalog.