Thanks for your question. In fact your question consists of several dimensions.
(1) as far as the multi-host communication is done, like the Docker Swarm clustering in this article, adding anything from another host shouldn’t be a big issue. You can see I’m using 4 hosts here, and it can be a larger cluster as far as Docker Swarm is configured appropriately.
(2) There is a tutorial of adding Org3 in readthedocs. This is to add Org3 at channel level. In this case majority of admin is required and therefore in this case 2 out of 2 are needed. Say if we have 3 orgs already and wish to add 4th, we just need 2 out of 3 to make it working. But true that the transaction needs to be signed by the number of orgs as far as majority meets: not to all orgs.
(3) Note that the tutorial in readthedocs is only at channel level, not consortium level. If you wish to add Org3 in consortium level you need to act as orderer admin. In this case it is the orderer org admin signs the transaction.
(4) Finally, in real life, crypto material for an Org should be generated by the Org herself. What they need to provide is the Root CA certificate of that Org when joining the consortium / channel. In the tutorial things are simplified such that it looks like everything is generated from one source (one org).
HTH… cheers, kc