Clarify access level needed for secrets in web interface

Closes github#1087

I considered changing the `permissions-statement-secrets-repository`
reusable to include a reference to the API, but then I noticed that the
other place using it (["Enabling debug logging"][1]) already mentioned
the API, so instead I added a note. Including a mention of "web
interface" lead to (IMO) too much duplication in text, so I rephrased it
to be more like the `permissions-statement-secrets-api` reusable.

[1]: https://docs.github.com/en/free-pro-team@latest/actions/managing-workflow-runs/enabling-debug-logging

content/actions/reference/encrypted-secrets.md

@@ -75,6 +75,12 @@ When generating credentials, we recommend that you grant the minimum permissions
 
 If your repository {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page.
 
+{% note %}
+
+**Note:** Users with collaborator access can use the REST API to manage secrets for a repository. For more information, see "[{% data variables.product.prodname_actions %} secrets API](/rest/reference/actions#secrets)."
+
+{% endnote %}
+
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
 ### Creating encrypted secrets for an environment
 

data/reusables/github-actions/permissions-statement-secrets-repository.md

@@ -1 +1 @@
-To create secrets for a user account repository, you must be the repository owner. To create secrets for an organization repository, you must have `admin` access.
+To manage secrets using the web interface, you must be the repository owner for a user account repository, or have `admin` access for an organization repository.