Validates and redeems a voucher code on behalf of the supplied external_user_id. Campaign is derived from the S2SJWT token. On success, publishes a voucher.VoucherRedeemed event with the user identity so downstream discount listeners can attribute the redemption.

For campaigns whose discount type triggers a synchronous side-effect on a partner system (e.g. Carrefour loyalty event), the operator must supply the user's partner credential via the X-User-Token header. Without it, redemptions on those campaigns fail with HTTP 401 before the voucher counter is decremented.