Commit 82ce4a1

chore(docs): clarify use of isOrganizationTrail (#21824)
If `isOrganizationTrail` is set to `true`, but the current AWS account is _not_ the management account, then CloudFormation will throw an error.

`You cannot configure or manage trails for an organization because this action requires being signed in with the management account.`

Also remove the integration test that was added for this feature, since in order to test this you would need access to an AWS organization management account _and_ access to create/delete an organization trail.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent e2dc2cb commit 82ce4a1

9 files changed: +3 -424 lines changed

packages/@aws-cdk/aws-cloudtrail/README.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -190,7 +190,7 @@ trail.addLambdaEventSelector([ amazingFunction ]);
190190
## Organization Trail
191191

192192
It is possible to create a trail that will be applied to all accounts in an organization if the current account manages an organization.
193-
To enable this, the property `isOrganizationTrail` must be set. If this property is set and the current account does not manage an organization, the created trail will be created only for the account.
193+
To enable this, the property `isOrganizationTrail` must be set. If this property is set and the current account does not manage an organization, the stack will fail to deploy.
194194

195195
```ts
196196
new cloudtrail.Trail(this, 'OrganizationTrail', {
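Review bot: The new line 193 still says the property "must be set" without giving the value, and "the stack will fail to deploy" does not say which account is required. Suggest: "must be set to `true`. The current account must be the organization's management account; otherwise the stack will fail to deploy." Including the CloudFormation error text quoted in the commit message would also let users who hit the failure find this section by searching for it.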

packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts

Lines changed: 2 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -119,6 +119,8 @@ export interface TrailProps {
119119
/**
120120
* Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
121121
*
122+
* If this is set to true then the current account _must_ be the management account. If it is not, then CloudFormation will throw an error.
123+
*
122124
* If this is set to true and the current account is a management account for an organization in AWS Organizations, the trail will be created in all AWS accounts that belong to the organization.
123125
* If this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.
124126
*
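Review bot: The added line 122 makes the management account a hard requirement, but the unchanged line 124 still phrases it as a condition ("If this is set to true and the current account is a management account ..."), so the doc comment now states the same precondition twice with different strength. Suggest folding the two sentences into one. "CloudFormation will throw an error" could also say that the failure happens at deployment rather than at synthesis, since this hunk only changes the comment and adds no check in the construct itself.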

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/CloudtrailIntegTestStack.template.json

Lines changed: 0 additions & 116 deletions
This file was deleted.

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/TrailIntegTestDefaultTestDeployAssertA42C24D1.template.json

Lines changed: 0 additions & 1 deletion
This file was deleted.

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/cdk.out

Lines changed: 0 additions & 1 deletion
This file was deleted.

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/integ.json

Lines changed: 0 additions & 11 deletions
This file was deleted.

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/manifest.json

Lines changed: 0 additions & 49 deletions
This file was deleted.
