OAuth group filtering for JupyterHub cluster app

From https://gitlab.com/gitlab-org/gitlab-ce/issues/46487#note_76237118

When JupyterHub is deployed as cluster application, everyone can login with GitLab account from the same instance. For huge instances like GitLab.com such restriction might be not enough.

In theory, we can whitelist access:

• only to group name https://gitlab.com/gitlab-org/gitlab-ce/issues/46487#note_75035925 if project belongs to a group.
• only to single user https://gitlab.com/gitlab-org/gitlab-ce/issues/46487#note_74388556 if project belongs to a user.