Clear indication of CSP framework vs Group framework

Description

@khornergit, @nrosandich and I discussed a risk in the UI of not having clear differentiation around which frameworks were created in/inherited from a CSP.

Example scenarios:

  1. A user in a downstream group from the instance has inherited CSP frameworks. They want to create a security policy and go to select a framework from the dropdown to scope the policy to. The list shows only CF labels - no differentiation between the "instance" framework vs the "group" framework. If frameworks were created in both the CSP and group with the same name (e.g. "ISO"), there will be no way to really know from the UI which one to select. The policy creator in the group may want to apply a policy to some framework organized centrally in a coordinated effort. They may also want to have a separate set of policies only applying to their group-level framework.
  2. Users in a project (appsec/developers) may want to have clarity on how a policy is being applied and affecting them. They may see a label applied on their project (e.g. ISO). It may not be clear if this is a framework inherited from the instance or the group. There are measures here - you can go to the policy page, you can go to the frameworks page. But it's not immediately evident and may make it slower to troubleshoot issues or route users appropriately.

We decided we would open this issue to track and listen for feedback on the topic during Beta.
