To answer your questions:
Yes, we strongly recommend that org_id's are set on APIs, policies and keys, org ID's basically group ownership of these obejcts, leaving them out could cause things to stop working (we've seen this with policies), not recommended
Tyk hashes keys, unless you have this switched off, listing keys will not work (by design). Also, the api_id param is not a filter, it is merely a specifier to identify the back-end to use (search the forum, this has been asked many times).
Yes, if you make the list keys GET request to the advanced API on an unhashed installation with a user that belongs to the org
Lastly, orgs are there to organise API / Resource ownership domains, not clients, so you can have one org, owning Evernote and LinkedIn APIs and supply keys for both. Then use policies to determine paid or free access to either.
You would only use multiple orgs if you actually want to segregate APIs, keys and ownership from one another, i.e. you have multiple tenants. And ultimately, this only matters in the dashboard, not in the gateway, as the dash/advanced API is the only thing that really cares and filters based on these criteria, and those filters only work if org_ids are used.