Limit repo or organization secrets to PRs from origin repo

Encrypted secrets are exposed to PRs from the origin repo, but not PRs from forks. I want the same behavior for secrets entered in the web UI. Right now they’re either all PRs or no PRs.

I’ll just disable forks for now