[codex] Add workspace governance guidance for enterprise onboarding

[llewellyn-sl]

Summary

• add practical workspace-planning guidance for larger organizations
• recommend narrower workspace-scoped GCP service accounts and credential boundaries
• clarify how cross-cloud data access depends on the launching workspace, compute environment, and work directory

Source

• Slack nightly summary: https://seqera.slack.com/archives/C0APYR2A3A8/p1775168214686739
• EDU ticket: https://seqera.atlassian.net/browse/EDU-1118

Doc target

• platform-cloud → platform-cloud/docs/orgs-and-teams/workspace-management.md
• platform-cloud → platform-cloud/docs/credentials/data_repositories.md

Rationale

The ticket asked for enterprise onboarding guidance without introducing a large new guide. These edits keep the change on existing pages that users already consult when setting up organization workspaces and GCP data access, while adding the missing governance and credential-scoping advice that had been handled ad hoc.

Validation

• File-level validation confirming the new workspace-planning and GCP guidance is present
• Full Docusaurus build not run in this environment because node_modules are not available in the automation clone

Follow-up questions / gaps

• If the education team wants a fuller SOP-style onboarding guide later, that should likely become a new page once the desired canonical workflow is agreed across CS and education.
• The cross-cloud note here stays at the planning level and intentionally does not prescribe provider-specific network or IAM topologies beyond what the current docs already support.

[netlify]

✅ Deploy Preview for seqera-docs ready!

Name	Link
🔨 Latest commit	f3fa5da
🔍 Latest deploy log	https://app.netlify.com/projects/seqera-docs/deploys/69d7c8c9ff9d3800088621ca
😎 Deploy Preview	https://deploy-preview-1270--seqera-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[christopher-hakkaart]

Suggested change

	This model makes it easier to onboard new groups consistently, audit who can access a given bucket or compute environment, and limit the blast radius of later credential changes.
	This model makes it easier to onboard new groups consistently, audit who can access a given bucket or compute environment, and limit the impact of later credential changes.

[christopher-hakkaart]

Adding comments rather than editing so others can evaluate the PR as well.

Largely, this is a good draft. The content appears reasonable for addressing the questions raised in the ticket. My GCP knowledge is limited.

Editorially, I think the tense drifts a little in the added text. Also, some very long sentences could be shorter. I'm also not sure if this is the best location for "Workspace planning for larger organizations"; to me, it should be called out before creating a workspace section, as it frames some of the decisions/steps for the rest of the page.