That upgrade process on the app is a three step-process when two confirmations. That's not including unlocking a phone, opening the Tesla app and selecting the upgrades menu...
I don't have the app (or car) so I can't verify for myself, but now it's hard to reconcile your statement with the twitter thread analysis I referenced above.
EDIT: Maybe it's a discrepancy about what a "confirmation" is? If the author of the twitter thread is correct, the "confirmation" is just a large button on the screen that doesn't require password re-entry, which is not much of a confirmation. He proposes that it's easy to accidentally spend the money if you go to the "upgrades" screen, then put the phone in your pocket without locking it.
Notice how the payment transaction actually happens in Apple Pay. So that means that you need FaceID to complete it. Impossible to do if the phone is in your pocket!
I believe the route to the accidental purchase the twitter thread refers to is through the "Pay with credit card" button though, which for some reason isn't present in your configuration.
Quite impossible to "fat-finger" it.