Allow inviting other users after enabling LDAP sync for a group

What does this MR do and why?

Currently, we can't manually invite other LDAP users after LDAP sync has been enabled for a group. If we click the Sync now button on the group_members page, a window pops up showing "Warning: Synchronizing LDAP removes direct members' access". If we then click the Sync LDAP button, it deletes the direct members that are not synced by LDAP.

But now some customers want to add additional users to LDAP synchronization. There is no way to do that now, so I made some changes to support it.

Suppose there are two groups in the LDAP server, group A and group B, with three users in group A and one user in group B.

A: user1, user2, user3

B: user4

There is also a GitLab group ldap-test, and we configure the ldap-test group to sync the users that are in LDAP group A. The program will create three group_members for group ldap-test: user1, user2 and user3. Then we invite user4 to ldap-test and click the Sync now button on the group_members page.

Before

user4 will be removed.

After

user4 will not be removed.

/cc @prajnamas

Screenshots or screen recordings


How to set up and validate locally

  1. Enable FF ldap_settings_unlock_groups_by_owners, enable ApplicationSettings allow_group_owners_to_manage_ldap.
  2. Configure LDAP to synchronize users in LDAP group a for GitLab group A.
  3. Invite some members (they must be LDAP users outside the currently set synchronization group) to group A.
  4. Click the Sync now button on the group members page.
  5. The users that we manually invited in step 3 will be removed from group A.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zehua Zhang
