[FIX] website_sale: prevent other sessions to crash after checkout

Before this commit:
If an user has multiple session on a database (eg: he is connected both on his
smartphone and his laptop on the ecommerce), and there is a cart in these
session, confirming the cart on one of the session will make other sessions
unable to use the checkout anymore.

This is because other sessions will still contains the Sale Order that is now
'sent' and updating the cart will raise an error:
`It is forbidden to modify a sales order which is not in draft status.`

Now:
If the SO to be updated is not in `draft` anymore, we create a new one.

Step to reproduce:
  - Login on ecommerce from device A
  - Add product in cart, the SO will be added on session
  - Login on ecommerce from device B
  - Pay the cart (it will retrieve the SO from device A)
  - At that point, the cart is paid and the SO is removed from session on
    device B but other devices won't be able to use the checkout anymore
    as they still have the SO in session which is in `sent` state.
    Thus, any action on cart will raise the error

Note:
1. We can't implement that behavior in `sale_get_order()` as it is supposed to
   return SO in `sent` state after checkout.
2. We can't implement that behavior in `_cart_update()` as it is inherited in
   some module. Thus, implementing that behavior in `cart_update()` would change
   `self = order` but inherited methods would still have initial `self`.
3. Implementing the behavior in the controller it is already done (differently)
   in `cart_update_json()`.

Fixes #27508, closes #27794