Transition group links to full DN instead of just CN

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Currently, group links are configured based on CN only. In some environments there could be multiple groups with the same CN, but different DN. Basically, CN is not guaranteed unique. We should begin storing group links with a full DN instead of CN. We can do this in a backward compatible way and update existing entries on the fly.

1. The group link dropdown would work the same way - search by CN, but we need to add more info to the dropdown so you know which group you're selecting (already requested in #237 (closed))
2. Add logic to group sync to check if the group link contains a CN or full DN. If full DN, look up group by DN. If not, look up by CN (old way). In this case, also retroactively update the group link to include the full DN after looking up by CN.
3. Deprecate group link stored with CN-only. Some orgs may use the API to add group links and they are probably adding CN-only. We can remove this in 9.0?

cc/ @jacobvosmaer-gitlab