fix: keep secrets working after organization rename

[0vertake]

Summary

• Fix secrets actions to validate organization/domain IDs instead of panicking on malformed values.
• Ensure secrets UI requests pass the explicit organization ID header instead of relying on URL inference.
• Add regression coverage for secrets remaining usable after an organization rename.

Test plan

• manual E2E test
• make test.e2e E2E_TEST_PACKAGES=./test/e2e

[superplanehq-integration]

👋 Commands for maintainers:

• /sp start - Start an ephemeral machine (takes ~30s)
• /sp stop - Stop a running machine (auto-executed on pr close)

[superplane-gh-integration-9000]

❌ OSS Guard found dependency licenses that are not permitted for this project.

Project license (from repository): Apache-2.0

Permitted dependency licenses: MIT,Apache-2.0,BSD-2-Clause,BSD-3-Clause,ISC,0BSD,Unlicense,CC0-1.0,CC-BY-4.0,Zlib,MPL-2.0,OpenSSL,BlueOak-1.0.0

Reason: One or more dependencies use licenses that are not compatible with the project license.

osv-scanner report:

@csstools/color-helpers 5.1.0 (npm) - MIT-0
argparse 2.0.1 (npm) - Python-2.0
csv 3.3.5 (RubyGems) - Ruby, BSD-2-Clause
elkjs 0.10.0 (npm) - EPL-2.0
khroma 2.1.0 (npm) - UNKNOWN
posthog-js 1.368.2 (npm) - non-standard
stdlib 1.26.2 (Go) - UNKNOWN

Add approved exceptions in your repository's osv-scanner.toml.