Protected environments still assigned to removed groups

Summary

When group is removed from a project related records from protected_environment_deploy_access_levels are not deleted. According to https://gitlab.slack.com/archives/CB2S7NNDP/p1567478233016800 there are 4 such records, but those could be also caused by https://gitlab.com/gitlab-org/gitlab-ee/issues/11649.

Steps to reproduce

1. Add group to a project.
2. Create protected environment and give deploy access to users from the above group.
3. Remove the group from the project.

What is the current bug behavior?

Related protected_environment_deploy_access_levels records will still exists, Project#protected_environment_accessible_to? and Environment#protected_deployable_by_user? will return true for users from the removed group.

What is the expected correct behavior?

Related record from protected_environment_deploy_access_levels should be deleted when group is removed from the project.

Impact

This should be difficult to trigger, users from the removed group will not have access to the project. We better fix it though.