fix: validate owner-pet relationship in update endpoint

[sourav-18]

Fixes #310

The endpoint PUT /owners/{ownerId}/pets/{petId} allowed updating pets that do not belong to the specified owner.

This PR adds validation to ensure that the pet being updated belongs to the given owner:

if (currentOwner != null &&
    currentOwner.getPets().stream().anyMatch(pet -> Objects.equals(pet.getId(), petId))) {
    ...
}

This approach keeps the service and repository layers unchanged and introduces a minimal fix at the controller level.

An alternative approach could be to validate ownership at the repository level using a method like findPetByIdAndOwnerId, but the current solution avoids additional changes and resolves the issue effectively.