Users#PUT API can update the wrong GroupSAML identity

The following discussion from !14045 (merged) should be addressed:

  • @jamedjo started a discussion:

    A user could have multiple identities with provider: 'group_saml', one for each GitLab.com group they belong to. This could find and update the wrong identity.

    Before the find_or_create_by we had find_by(provider: identity_params[:provider], saml_provider_id: saml_provider_id), so could probably do find_by(provider_params) and override those in EE to include saml_provider_id when present.

    I'll create a follow-up issue.
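
The ambiguity raised in the discussion above, as an added plain-Ruby example (not GitLab's code): the Identity struct, the constructed sample rows and the helper names are assumptions standing in for the ActiveRecord model and its find_by call. It compares a lookup keyed on provider alone with one that also includes saml_provider_id when present.

```ruby
# Added example: plain-Ruby stand-in for the identity lookup, not GitLab's code.
Identity = Struct.new(:provider, :saml_provider_id, :extern_uid, keyword_init: true)

# Constructed sample data: one user linked to two groups' SAML providers,
# plus one identity for a non-group provider.
def sample_identities
  [
    Identity.new(provider: 'group_saml', saml_provider_id: 1, extern_uid: 'alice@group-a'),
    Identity.new(provider: 'group_saml', saml_provider_id: 2, extern_uid: 'alice@group-b'),
    Identity.new(provider: 'github', saml_provider_id: nil, extern_uid: '12345')
  ]
end

# Lookup keyed on provider only: returns the first group_saml row,
# regardless of which group's SAML provider the caller meant.
def find_by_provider_only(identities, params)
  identities.find { |i| i.provider == params[:provider] }
end

# Lookup keyed on provider, plus saml_provider_id when the caller supplies one.
def find_by_provider_params(identities, params)
  keys = [:provider]
  keys << :saml_provider_id if params.key?(:saml_provider_id)
  identities.find { |i| keys.all? { |k| i[k] == params[k] } }
end

# How many rows a provider-only lookup could match; more than one means
# the lookup is ambiguous for this user.
def matching_count(identities, params)
  identities.count { |i| i.provider == params[:provider] }
end

# Apply an extern_uid update through the named finder and return the rows.
def update_extern_uid(identities, params, finder)
  identity = send(finder, identities, params)
  identity.extern_uid = params[:extern_uid] if identity
  identities
end

if __FILE__ == $PROGRAM_NAME
  params = { provider: 'group_saml', saml_provider_id: 2, extern_uid: 'new@group-b' }
  %i[find_by_provider_only find_by_provider_params].each do |finder|
    rows = update_extern_uid(sample_identities, params, finder)
    puts "#{finder}: #{rows.map(&:extern_uid).inspect}"
  end
end
```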
