Implement SCIM group membership caching
Description
Implement a caching mechanism for SCIM group memberships to ensure correct access level management when users belong to multiple groups or when group access levels change.
This was raised by @dblessing as feedback on our current implementation and suggested as an improvement to be done before removing the feature flag.
Problem
Unlike SAML (which provides complete group information on every login), SCIM operations are individual and can lead to:
- Users incorrectly losing all access when removed from one group but still belonging to others
- Users retaining higher access levels when group links change from higher to lower privilege levels
- Inconsistent behavior when users belong to multiple SCIM groups with different access levels
Proposed Solution
Create a scim_group_memberships table to track which users belong to which SCIM groups. This cache will:
- Maintain a complete record of all user-group relationships managed through SCIM
- Enable proper calculation of effective access levels based on all group memberships
- Support the existing Groups::SyncService with comprehensive group membership data
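As an added illustration (not GitLab's code), the following in-memory model shows how the proposed scim_group_memberships cache lets the effective access level be derived from all of a user's SCIM groups rather than from the single group a PATCH touched; class and method names are assumptions, and the numeric levels follow GitLab's Guest/Reporter/Developer/Maintainer ordering.

```ruby
require 'set'

# Constructed access levels in GitLab's numeric order (assumption: illustrative names).
ACCESS_LEVELS = { guest: 10, reporter: 20, developer: 30, maintainer: 40 }.freeze

# Hypothetical stand-in for the proposed scim_group_memberships cache.
class ScimMembershipCache
  def initialize
    @group_links = {}                                   # scim group uid => access level
    @memberships = Hash.new { |h, k| h[k] = Set.new }   # user id => set of scim group uids
  end

  # Record (or change) the access level a SCIM group link grants.
  def set_group_link(group_uid, level)
    @group_links[group_uid] = level
  end

  # SCIM PATCH adding a member: only this one group is named in the request.
  def add_member(group_uid, user_id)
    @memberships[user_id] << group_uid
  end

  # SCIM PATCH removing a member: without the cache, nothing tells us whether the
  # user still belongs to other SCIM groups, which is how access was wrongly lost.
  def remove_member(group_uid, user_id)
    @memberships[user_id].delete(group_uid)
  end

  # Effective level is the highest level across every cached membership whose
  # group link still exists; nil means no SCIM-managed access should remain.
  def effective_access_level(user_id)
    @memberships[user_id].filter_map { |uid| @group_links[uid] }.max
  end
end

# Walk through the three failure modes from the issue and return the levels seen.
def walk_through_scenarios
  cache = ScimMembershipCache.new
  cache.set_group_link('admins', ACCESS_LEVELS[:maintainer])
  cache.set_group_link('devs', ACCESS_LEVELS[:developer])
  cache.add_member('admins', 1)
  cache.add_member('devs', 1)
  levels = [cache.effective_access_level(1)]                  # both groups: 40
  cache.remove_member('admins', 1)
  levels << cache.effective_access_level(1)                   # still in devs: 30, not nil
  cache.set_group_link('devs', ACCESS_LEVELS[:reporter])
  levels << cache.effective_access_level(1)                   # link downgraded: 20, not 30
  cache.remove_member('devs', 1)
  levels << cache.effective_access_level(1)                   # last group gone: nil
end
```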
Possible MRs/tasks
- Create database migration for the new caching table
- Update PATCH/PUT endpoints to maintain cache consistency
- Enhance SyncScimGroupMembersWorker to consider all cached group memberships
- Add background job to validate and repair cache consistency
Edited by Paulo Barros