Give SaaS group owners control over accidental user overages via a `User Cap` setting

Summary

In &4315 (closed), we introduced a User Cap setting for self-managed admins to prevent accidental user overages.

This is the next iteration of this feature to bring the setting to SaaS Group owners as well.

Success Criteria

The User Cap setting for SaaS should operate the same as the behavior for self-managed however we are treating the instance-level setting/behavior for SaaS at the root namespace instead. See designs

1. Provide Group owners with the ability to set a User Cap as described in &4315 (closed) (noting self-managed admin = Group Owner in SaaS)
2. Alert group owners when the limit has been reached
3. Put members into pending state once limit is reached
4. Send email notification to group owner once limit is reached
5. Ensure the Approval of adding a member from Pending state is tracked in the Audit Logs

The actions listed here can be broken into multiple issues and/or MRs as determined by the dev who picks this up. Please ping @amandarueda with questions.

Designs

#321934 (closed)