fix(credentials): workspace admin users get 'member' role on credential_member instead of 'admin' #4698

@minijeong-log

Bug Description

When a workspace-scoped secret is created (via Settings > Secrets or syncWorkspaceEnvCredentials), the credential_member role is determined solely by whether the user is the workspace owner:

const targetRole = memberUserId === ownerUserId ? 'admin' : 'member'

This means workspace admin users are assigned member role on credential_member, making them unable to edit or delete the secret — even though they have admin access to the workspace.

Affected Code

  1. apps/sim/lib/credentials/environment.ts — ensureWorkspaceCredentialMemberships: only checks ownerUserId, ignores workspace permissions table
  2. apps/sim/app/api/credentials/route.ts — POST handler: same issue, only workspaceRow.ownerId || session.user.id gets admin

Expected Behavior

Credential member role should reflect workspace permissions:

| Workspace Permission | Credential Role |
| --- | --- |
| owner (workspace.ownerId) | admin |
| admin (permissions table) | admin |
| write | member |
| read | member |

Steps to Reproduce

  1. Create a workspace with multiple members (owner + admin + write/read users)
  2. As the owner, go to Settings > Secrets and create a workspace-scoped secret
  3. Check credential_member table — only the owner has admin role
  4. Log in as a workspace admin user — cannot edit or delete the secret
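
The mapping from the Expected Behavior table, next to the owner-only check quoted above, plus an audit that lists existing credential_member rows whose stored role no longer matches it. This is an added example, not code from the issue or the project: the type names, function names, user IDs and sample rows are assumptions, and only the owner-only expression is taken from the report.

```typescript
// Added example (not project code). Names and sample data are hypothetical.
type WorkspacePermission = 'admin' | 'write' | 'read'
type CredentialRole = 'admin' | 'member'
interface MemberRow { userId: string; role: CredentialRole }
interface RoleDrift { userId: string; actual: CredentialRole; expected: CredentialRole }

// Behaviour described in the issue: only the workspace owner becomes credential admin.
function ownerOnlyRole(memberUserId: string, ownerUserId: string): CredentialRole {
  return memberUserId === ownerUserId ? 'admin' : 'member'
}

// Expected behaviour per the issue's table: owner and workspace admins map to
// 'admin'; write, read (and anyone without a permission row) map to 'member'.
function expectedRole(
  memberUserId: string,
  ownerUserId: string,
  permissions: Map<string, WorkspacePermission>,
): CredentialRole {
  if (memberUserId === ownerUserId) return 'admin'
  return permissions.get(memberUserId) === 'admin' ? 'admin' : 'member'
}

// Audit: report stored rows whose role differs from the expected mapping.
// Catches both directions: admins stuck on 'member' and stale 'admin' rows.
function findRoleDrift(
  rows: MemberRow[],
  ownerUserId: string,
  permissions: Map<string, WorkspacePermission>,
): RoleDrift[] {
  return rows
    .map((r) => ({
      userId: r.userId,
      actual: r.role,
      expected: expectedRole(r.userId, ownerUserId, permissions),
    }))
    .filter((d) => d.actual !== d.expected)
}

// Constructed sample: one owner plus admin, write and read members,
// with rows populated the way the owner-only check would populate them.
const OWNER = 'u-owner'
const samplePermissions = new Map<string, WorkspacePermission>([
  ['u-admin', 'admin'], ['u-write', 'write'], ['u-read', 'read'],
])
const sampleRows: MemberRow[] = ['u-owner', 'u-admin', 'u-write', 'u-read']
  .map((userId) => ({ userId, role: ownerOnlyRole(userId, OWNER) }))
const sampleDrift = findRoleDrift(sampleRows, OWNER, samplePermissions)
```

On the constructed rows, the audit reports only the workspace admin, whose stored role is 'member' while the table expects 'admin'.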
