[AC-1638] Disallow Secrets Manager for MSP-managed organizations

[eliykat]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

We do not support MSP access to Secrets Manager, so we need to prevent:

• an org with SM being added to an MSP, or
• an MSP adding SM to one of their client organizations.

The internal Bitwarden Portal will not have this restriction, so that Customer Success can make case-by-case exceptions if required.

Server changes: bitwarden/server#3297

Code changes

• OrganizationPlansComponent - hide sm-subscribe component if accessed via the provider portal
• OrganizationSubscriptionCloudComponent - hide sm-subscribe component if the org has a provider

Note that there is no client-side block on adding an existing org with SM to a provider. We just rely on the server-side error message via toast.

Screenshots

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team
• Ensure that all UI additions follow WCAG AA requirements

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – e25e38ec-2a6e-4331-b44a-e0dd446f8b66

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Use_Of_Hardcoded_Password	/apps/cli/src/models/response/string.response.ts: 8	Attack Vector
	Use_Of_Hardcoded_Password	/apps/cli/src/models/response/string.response.ts: 8	Attack Vector
	Use_Of_Hardcoded_Password	/apps/cli/src/models/response/string.response.ts: 8	Attack Vector

[cyprain-okeke]

LGTM

[eliykat]

Fixed some logic - no need to check the providerType, only whether the org has a provider at all.

[cyprain-okeke]

Looks Good