Update mutable KYC user profile fields.

Allowed only while the user is still pre-verification. Once any of the following hold, full_name and email lock and this endpoint rejects the change with 409 so identity drift cannot silently break a submitted KYC application:

• kyc_status == approved (urbanpayx-decided approval)
• external_verification_status == verified (external attestation)
• verification_source != none (canonical post-decision state)
• sumsub_applicant_id is not None (Sumsub already saw this identity)

To change a locked profile, superadmin must run kyc-reset first.