Document when to use admin notes

For tracking purposes it's important to note any actions we may have taken on a customer/user's account. At present this isn't well documented. It should be.

Workflows / times that we might use this for:

• 2FA
• Removing projects (e.g. user gets a 500 on their project page because of a bad project [this has happened] and we remove it)

Questions:

• Is this best noted in particular workflows or in a general section of the handbook?
• How strict should we be about formatting / what format is preferred?