don't add user to a secret if they already can access the secret

If the user is part of a group we don't need to add them explicitly

pkgs/clan-cli/tests/helpers/secret_cli.py

@@ -0,0 +1,14 @@
+import argparse
+
+from clan_cli.secrets import register_parser
+
+
+class SecretCli:
+    def __init__(self) -> None:
+        self.parser = argparse.ArgumentParser()
+        register_parser(self.parser)
+
+    def run(self, args: list[str]) -> argparse.Namespace:
+        parsed = self.parser.parse_args(args)
+        parsed.func(parsed)
+        return parsed