ADR: Instance wide OAuth applications

Instance wide OAuth applications don't fit the Organizations architecture. These applications are essentially pre-authorized applications by the admin for use with an instance.

Adil said:

The core advantage for instance wide OAuth apps, is controlling who can manage them. So for SM, there is a use case for admins to be able to do so. On GitLab.com, we used the same paradigm to support OAuth applications we (as GitLab team/SREs) want to setup for all GitLab.com users.

From a user perspective there is a second factor that is not insignificant that pre-authed applications on gitlab.com can be specified as defaults in other apps and docs, while custom apps needs to specify details to link.