Allow organisations to add code

Created by: ryanslade

This issue only defines the backend changes required.

Add the namespace_org_id column to external_service

An external service can have no owner which indicates it is owned by the site admin. If an owner is specified, it can only be owned by an org OR user, not both. This should be enforced by a DB constraint.

Add a global site setting to enable the feature as we did with users, but we'll call it externalservice.orgMode: https://github.com/sourcegraph/sourcegraph/blob/9dbb6a939223c32864479e21af0b6e508db2440c/schema/site.schema.json#L423

For user's we tagged users in our database in order to enable the feature. Since the orgs table doesn't have that columns and the number of orgs we trial with will be low I think we can simply use a string array in site settings that enable certain orgs.

We can add two arrays, externalService.publicAllowList and externalService.privateAllowList. It's assumed that an org that is allowed to add private code can also add public code.

To enable org service syncing we only need to update the code here to include services owned by an org: https://github.com/sourcegraph/sourcegraph/blob/f7608c1a479f4861da1f37f3bcd22bbc855cc950/cmd/repo-updater/repos/store.go#L1058-L1065

Then, we need to update code here: https://github.com/sourcegraph/sourcegraph/blob/ce3c397e5c4953b943f26c8ad951ea14b8249434/cmd/repo-updater/repos/syncer.go#L170

We need to also check both if code isUserOwned or isOrgOwned. Org owned repos should be handled similarly to user owned by abuse limits should be separately configured.

Filtering of private repos during syncing should take into account both user and org feature flags.