Thanks for the advice. Think I might follow the same pattern, with a possible minor change (untested).
Instead of removing them from your database on decline, retain the install (tokens etc.) and should they try using the app, you can simply redirect them to the billing confirmation_url directly and re-attempt the charge. (No need to auth again)
To keep your database clean, create an uninstall webhook to only remove your local Shop data etc. once the shop removes your app by clicking "Remove App".
That makes sense at the moment....let's see if I can make that work.