Separate admin roles from the MemberRoles table

Admin roles are created by using the Users::UserMemberRole table to point to a MemberRole record. This naming convention is confusing and due to the differences between MemberRoles and admin/instance roles we are overloading the MemberRole class. Additionally, since the member_roles table uses namespace_id as a sharding key for cells we are breaking things be requiring the namespace_id to be nil for admin roles. This has also added complexity to our spec factories which has led to bugs.

This issue is a proposal to create a new model, such as Authz::InstanceMemberRole which will look similar to the MemberRole table but with attributes that are associated with instance-wide roles, such as admin roles.

Following from !184606 (merged), once we have a Authz::InstanceMemberRole model, which will have gitlab_schema: gitlab_main_clusterwide, we also need to change the association of the Authz:: LdapAdminRoleLink to this new model.