Fix error handler in secret injector (#343)

## Overview
Fix error handling conditional in secret injector

Without this change
```
2024/06/25 20:54:47 http: panic serving 10.232.42.27:42560: runtime error: invalid memory address or nil pointer dereference
goroutine 185 [running]:
net/http.(*conn).serve.func1()
	/usr/local/go/src/net/http/server.go:1868 +0xb9
panic({0x2bbdfc0?, 0x5423950?})
	/usr/local/go/src/runtime/panic.go:920 +0x270
github.com/flyteorg/flyte/flytepropeller/pkg/secret.EmbeddedSecretManagerInjector.Inject({{0x1, {{0x0, 0x0}}, {{0xc0007839e0, 0x18}}, {{0x31a9d0e, 0xc}, {0xc000baa030, 0xc000baa090, {...}}}}, ...}, ...)
	/go/src/github.com/unionai/cloud/flyte/flytepropeller/pkg/secret/embedded_secret_manager.go:152 +0xaa
github.com/flyteorg/flyte/flytepropeller/pkg/secret.(*SecretsPodMutator).injectSecret(0xc0015a4540, {0x38eab40, 0xc0013f44e0}, 0xc001490e40, 0x9d88c5?)
	/go/src/github.com/unionai/cloud/flyte/flytepropeller/pkg/secret/secrets_pod_mutator.go:81 +0x177
github.com/flyteorg/flyte/flytepropeller/pkg/secret.(*SecretsPodMutator).Mutate(0xc000b8e6f0?, {0x38eab40, 0xc0013f44e0}, 0xc000c00000)
	/go/src/github.com/unionai/cloud/flyte/flytepropeller/pkg/secret/secrets_pod_mutator.go:48 +0x225
```

## Test Plan
- [x] Add a unittest to cover this path

## Rollout Plan (if applicable)
Bring to cloud as part of [fasttask secrets fixes](unionai/flyte#340) that uncovered this

## Upstream Changes
Should this change be upstreamed to OSS (flyteorg/flyte)? If not, please uncheck this box, which is used for auditing. Note, it is the responsibility of each developer to actually upstream their changes. See [this guide](https://unionai.atlassian.net/wiki/spaces/ENG/pages/447610883/Flyte+-+Union+Cloud+Development+Runbook/#When-are-versions-updated%3F).
- [ ] To be upstreamed to OSS

flytepropeller/pkg/secret/embedded_secret_manager.go

@@ -131,7 +131,7 @@ func (i EmbeddedSecretManagerInjector) lookUpSecret(ctx context.Context, secret
 	// Fetch organization scoped secret
 	orgScopedSecret := fmt.Sprintf(SecretsStorageFormat, labels[OrganizationLabel], EmptySecretScope, EmptySecretScope, secret.Key)
 	secretValue, err = i.secretFetcher.GetSecretValue(ctx, orgScopedSecret)
-	if err != nil {
+	if err == nil {
 		return secretValue, err
 	}
 	if !stdlibErrors.IsCausedBy(err, ErrCodeSecretNotFound) {

flytepropeller/pkg/secret/embedded_secret_manager_test.go

@@ -26,9 +26,18 @@ func TestEmbeddedSecretManagerInjector_Inject(t *testing.T) {
 	secretIDKey := "secretID"
 	secretValue := "secretValue"
 
-	secretID := fmt.Sprintf(SecretsStorageFormat, OrganizationLabel, DomainLabel, ProjectLabel, secretIDKey)
-	gcpClient.OnAccessSecretVersionMatch(ctx, &secretmanagerpb.AccessSecretVersionRequest{
-		Name: fmt.Sprintf(GCPSecretNameFormat, gcpProject, secretID),
+	projectSecretID := fmt.Sprintf(SecretsStorageFormat, OrganizationLabel, DomainLabel, ProjectLabel, secretIDKey)
+	domainSecretID := fmt.Sprintf(SecretsStorageFormat, OrganizationLabel, DomainLabel, EmptySecretScope, secretIDKey)
+	orgSecretID := fmt.Sprintf(SecretsStorageFormat, OrganizationLabel, EmptySecretScope, EmptySecretScope, secretIDKey)
+
+	gcpClient.On("AccessSecretVersion", ctx, &secretmanagerpb.AccessSecretVersionRequest{
+		Name: fmt.Sprintf(GCPSecretNameFormat, gcpProject, projectSecretID),
+	}).Return(nil, stdlibErrors.Errorf(ErrCodeSecretNotFound, fmt.Sprintf(SecretNotFoundErrorFormat, projectSecretID)))
+	gcpClient.On("AccessSecretVersion", ctx, &secretmanagerpb.AccessSecretVersionRequest{
+		Name: fmt.Sprintf(GCPSecretNameFormat, gcpProject, domainSecretID),
+	}).Return(nil, stdlibErrors.Errorf(ErrCodeSecretNotFound, fmt.Sprintf(SecretNotFoundErrorFormat, projectSecretID)))
+	gcpClient.On("AccessSecretVersion", ctx, &secretmanagerpb.AccessSecretVersionRequest{
+		Name: fmt.Sprintf(GCPSecretNameFormat, gcpProject, orgSecretID),
 	}).Return(&secretmanagerpb.AccessSecretVersionResponse{
 		Payload: &secretmanagerpb.SecretPayload{
 			Data: []byte(secretValue),