Dynamic script/SDK load — only pulled in if this PSP is active.
Renders Worldline's Hosted Tokenization iframe (SAQ-A eligible: card data
never touches the host DOM) into a generated child of container. The
iframe is addressed entirely by the session's clientSecret (the
hostedTokenizationUrl) — no client key is needed. Host UI options pass
through untouched via MountOptions.fieldOptions.
Tokenize-first shape: resolves requires_confirmation plus the hostedTokenizationId. The host passes that clientToken to the server's completePayment ( / completionEndpoint wire it automatically).