Builds off #851

Context

The scope of this work is still a little nebulous, and should be revisited closer to the start of the Beta period. But in short, some workspace templates will depend on organization-scoped secrets. At the same time, not all users will have the permissions to add these secrets. We need to to the following:

• Update the workspace creation UI to show which secrets are scoped at the organization level (making sure that there's a clear visual difference between them and user secrets)
• Decide how we'll let users add the missing secrets
  • For users who don't have the right permissions, we might only have a message like "Contact your organization admin to add this secret"
  • But for organization admins, we might want to include a link to bring them to the page for creating org secrets.

Additional thoughts

• While making a org admin go to a separate page would add more friction compared to letting them add secrets from the workspace creation form, it feels like friction that encourages safer behaviors. We SHOULD make the admin consider how adding the secret will affect all users within the organization