1. The users will be able to upgrade WordPress and plugins through the options panel. If you create a new version of the theme, existing customers can just download the new version from your site.
2. The theme MUST be GPL if you plan to release it to the public. You can still charge for it, but you can't put any restrictions on what the user does with it once they buy it. You can do a split license, however, where the PHP is GPL but the HTML, CSS and graphics would be copyrighted. It's best to go 100% GPL though. I would not offer refunds on the purchase, because what's to stop them from buying it, immediately requesting a refund and then keeping the theme?
With a product like this, it would make more sense to generate most of your income from support and customization services instead of theme sales. Pirates *will* steal and distribute your themes for free, but support and customization are two things those losers can't steal. If someone gets one of your themes for free, they won't have access to support unless they pay up. Plus, they won't necessarily have the latest and greatest version (not to mention that pirated versions of free themes often have had spammy code injected into them).
What type of theme are you making? I highly suggest that you use the Parent Theme/Child Theme model. This way, people can customize their themes without losing their changes whenever you release a new version. See: http://codex.wordpress.org/Child_Themes for more information.
There are lots of tutorials on creating an options page. Here is a collection of them: http://www.cssreflex.com/2010/02/8-fantastic-wordpress-theme-options-page-tutorials.html