To the best of my knowledge, you can only get a universal client-id and client-secret if the App is officially Published by SmartThings. The publication mechanism inherently has the tools to set those to a fixed value so that all OAuth requests hit the same SmartApp master.
When a regular customer loads a SmartApp into their own workspace (even using GitHub) and enable OAuth, a unique ID and Secret are generated. Access to that copy in order to create instances over OAuth is limited to the customer’s own Account (and any Locations in that Account) via their email and password.
A long time ago (2 or 3 years ago…), it was possible to share unpublished code via the ID and Secret; but this was considered, by SmartThings, to be a security risk, as it gave customers the impression that the code had been officially reviewed, published, and locked down from arbitrary changes. Such developers could have introduced vulnerabilities or exploits into the shared SmartApp without requiring a review by SmartThings. I think this fear was overblown - but, the risk certain existed.
The current SmartApp development, review, and publication process is being deprecated due to the new API which, we have been told, will have a streamlined publication procedure. It may take a while to get here, but once in place, I’m sure the situation will be much better. There’s nothing to do in the meantime but … wait.