
Implement `POST /Groups` endpoint

Description

Implement a SCIM Groups provisioning endpoint (`POST /Groups`) for self-managed instances that lets identity providers associate their SCIM group IDs with existing SAML group links in GitLab. This allows IdP groups and GitLab groups to be synchronized via SAML group links.

Acceptance Criteria

  • Endpoint accepts SCIM-formatted POST requests with `displayName` (SAML group name) and `externalId` (SCIM group ID)
  • Endpoint requires a valid SCIM access token
  • Feature is only available when the `self_managed_scim_group_sync` feature flag is enabled
  • Existing SAML group links are found by matching on the provided SAML group name
  • Updates matching SAML group links with the provided SCIM group ID
  • Returns 201 status with SCIM-formatted group details on success
  • Returns appropriate SCIM error responses when the SAML group is not found
  • Only available for self-managed instances (not on GitLab.com)
  • Only available when instance SAML is configured
  • Only available with a proper license that includes instance-level SCIM

Example Request

POST /api/scim/v2/application/Groups
Accept: application/scim+json
Content-Type: application/scim+json
Authorization: Bearer <token>

{
  "displayName": "engineering",
  "externalId": "scim-group-123"
}

Example Response

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "id": "engineering",
  "displayName": "engineering",
  "externalId": "scim-group-123"
}
Edited by Paulo Barros
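The acceptance criteria above, modelled as an added example that is not GitLab's code: an in-memory handler that checks the bearer token, the feature flag and the request body before updating every SAML group link whose name matches `displayName`. All names (`SamlGroupLink`, `post_groups`, `token_valid?`), the order of the checks, and every status code other than 201 are assumptions; the error body follows the SCIM error schema from RFC 7644.

```ruby
require 'json'
require 'digest'

# Hypothetical in-memory model; none of these names are GitLab's.
GROUP_SCHEMA = 'urn:ietf:params:scim:schemas:core:2.0:Group'
ERROR_SCHEMA = 'urn:ietf:params:scim:api:messages:2.0:Error'
SamlGroupLink = Struct.new(:saml_group_name, :scim_group_uid)

# Compare fixed-length digests so timing does not depend on the token contents.
def token_valid?(presented, expected)
  return false if presented.nil?
  a = Digest::SHA256.digest(presented).bytes
  b = Digest::SHA256.digest(expected).bytes
  a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def scim_error(status, detail)
  [status, { 'schemas' => [ERROR_SCHEMA], 'status' => status.to_s, 'detail' => detail }]
end

# Returns [http_status, body_hash]. Status codes other than 201 are assumptions.
def post_groups(authorization:, body:, links:, expected_token:, flag_enabled:)
  presented = authorization.to_s[/\ABearer (.+)\z/, 1]
  return scim_error(401, 'Invalid SCIM token') unless token_valid?(presented, expected_token)
  return scim_error(404, 'Not found') unless flag_enabled

  params = begin
    JSON.parse(body)
  rescue JSON::ParserError
    nil
  end
  name, uid = params.values_at('displayName', 'externalId') if params.is_a?(Hash)
  unless name.is_a?(String) && uid.is_a?(String) && !name.empty? && !uid.empty?
    return scim_error(400, 'displayName and externalId are required')
  end

  matches = links.select { |l| l.saml_group_name == name }
  return scim_error(404, 'No SAML group link matches displayName') if matches.empty?

  matches.each { |l| l.scim_group_uid = uid } # one IdP group may map to several links
  [201, { 'schemas' => [GROUP_SCHEMA], 'id' => name, 'displayName' => name, 'externalId' => uid }]
end

# Constructed sample data mirroring the example request above.
req = '{"displayName":"engineering","externalId":"scim-group-123"}'
demo = [SamlGroupLink.new('engineering', nil)]
p post_groups(authorization: 'Bearer s3cret', body: req, links: demo,
              expected_token: 's3cret', flag_enabled: true)
```

The error detail deliberately does not echo the submitted `displayName`, and no link is modified unless every earlier check has passed.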