Ref T9575. Users do not seem to understand that the PhabricatorPolicyCapability::CAN_EDIT capability is required in order to be able to reveal a Passphrase secret. Furthermore, there are legitimate situations in which I wish for users to be able to see the plaintext secret but I don't want to generally give them edit permissions (for example, I don't wish for them to be able to change or destroy the secret). As such, this diff introduces a new PassphraseRevealCapability capability.
For consistency, I also renamed "show secret" and "looked at secret" to "reveal(ed) secret".