We were sharing a policy for events between org admins and volunteers.
This allowed volunteers to see or event edit events. They would have go
know or guess the url, but it's not that unlikely for an admin to send
a screenshot or share their screen over a video call.
This splits the event scopes into two: one for admins, and one for
organization users (admins and volunteers). The volunteer one still
contains permissions for admins because admins can be assigned to
shifts.