Resolves #373 by removing access to the entirety of an OpenAI API key
associated with a group for any user on the front end. This PR also
updates the permission model to allow users who updated the group API
key details to view the redacted API key in the UI, besides root and
institutional admins.