Remove Group SAML `Identity` record when a user is manually removed from a group

What

Remove the Identity record linking a user to a SamlProvider when they are manually removed from a group.

This looks like `provider: :group_saml, saml_provider: group.saml_provider, extern_uid: oauth['uid'], user: current_user`, and was discussed in https://gitlab.com/gitlab-org/gitlab-ee/issues/5331#note_63848745

Why

Allows users to break the link to a particular provider, for example if accidentally linking the wrong account. Otherwise, removing the user still leaves the Identity record, which will cause the same link to be made on a second attempt.

Related

https://gitlab.com/gitlab-org/gitlab-ee/issues/5331
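
The stale-link behaviour described under "Why", as an added example that is not GitLab's code or part of the original issue. It is a plain-Ruby in-memory model: only the Identity attributes come from the issue text, while the class, the method names, the sample values and the "an existing Identity wins" lookup are assumptions made for illustration.

```ruby
# Constructed in-memory model; GroupSamlLinks and its methods are hypothetical.
# Only the Identity attributes are taken from the issue text.
Identity = Struct.new(:provider, :saml_provider, :extern_uid, :user, keyword_init: true)

class GroupSamlLinks
  attr_reader :identities, :members

  def initialize(saml_provider)
    @saml_provider = saml_provider
    @identities = []
    @members = []
  end

  def identity_for(user)
    @identities.find { |i| i.user == user && i.saml_provider == @saml_provider }
  end

  # Assumed linking behaviour: an Identity already stored for this user and
  # provider is reused; otherwise one is created from the uid in the response.
  def link(user, uid)
    @members << user unless @members.include?(user)
    identity_for(user) ||
      Identity.new(provider: :group_saml, saml_provider: @saml_provider,
                   extern_uid: uid, user: user).tap { |i| @identities << i }
  end

  # Manual removal from the group. With cleanup: true the Identity is deleted
  # as well, which is the change the issue asks for.
  def remove_member(user, cleanup:)
    @members.delete(user)
    @identities.reject! { |i| i.user == user && i.saml_provider == @saml_provider } if cleanup
  end
end

# Link the wrong account, get removed from the group, then try again.
# Returns the extern_uid the user ends up linked to (sample values constructed).
def relink_after_removal(cleanup:)
  links = GroupSamlLinks.new("example-idp")
  links.link("alice", "wrong-account@idp.example")
  links.remove_member("alice", cleanup: cleanup)
  links.link("alice", "right-account@idp.example").extern_uid
end

puts relink_after_removal(cleanup: false)
puts relink_after_removal(cleanup: true)
```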