Story: As a Quay user, I want to be able to set the scope of the pull secret I create via the Quay UI from a robot token to the organization of said robot, so that I can incrementally add pull secrets to my OpenShift namespace that have overshadowing of global pull secrets which are scoped to the entire registry, e.g. quay.io.

Background:

This changes the UI screen for the Kubernetes pull secret creation to allow the scope of the pull secret to be set. What is normally 

.dockerconfigjson:
{
  "auths": {
    "<quay-server-hostname>": { "auth": "TOKEN",  "email": ""}
  }
} 

now becomes

.dockerconfigjson:
{
  "auths": {
    "<quay-server-hostname>/<organization>": { "auth": "TOKEN",  "email": ""}
  }
}  

This makes using this pull secret in an OpenShift project easier when a cluster-wide global pull secret scoped to the same registry is already available. This requires support from the container runtime to scope the pull secret to a certain namespace only, e.g. CRI-O via c/image: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md - other runtimes may ignore this scope.