Allow manual removal for group members who've authed in via SSO
Description
When group-level SSO is operational, group managers should have a way to manually manage group membership. Manual removal will be the only way of ensuring that a user is no longer able to access information in the group in group-level SSO's first iteration.
Proposal
- On removing a member from a group using group-level SSO:
- The user's GitLab.com account should have their membership revoked. They should be required to SSO into the group again if they'd like to renew group membership.