[AC-1638] Disallow Secrets Manager for MSP-managed organizations

[eliykat]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

We do not support MSP access to Secrets Manager, so we need to prevent:

• an org with SM being added to an MSP, or
• an MSP adding SM to one of their client organizations.

The internal Bitwarden Portal will not have this restriction, so that Customer Success can make case-by-case exceptions if required.

Clients changes: bitwarden/clients#6392

Code changes

• ProviderService - block a provider from adding an existing org if it has SM
• AddSecretsManagerSubscriptionCommand - block SM from being added to an existing org if it has an MSP
• OrganizationService - block a provider from creating a new org with SM

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• If making database changes - make sure you also update Entity Framework queries and/or migrations
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 89d10bc9-b299-4793-b500-838291add0b4

No New Or Fixed Issues Found

[amorask-bitwarden]

LGTM!

[cturnbull-bitwarden]

🎉