
Limit updating `can_create_group` & `projects_limit` to Enterprise Users

What does this MR do and why?

This MR limits updating user settings from a group's SAML SSO response to enterprise users of the group, rather than all users provisioned by the group.

Related to #412898 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.


How to set up and validate locally

  1. Make sure the GitLab instance simulates, or is, a SaaS instance, since Enterprise Users is a SaaS feature.
  2. Create a top-level group and configure SAML SSO.
  3. Configure the SAML response to return can_create_group with the value false and projects_limit with the value 0.
  4. Sign in through the group's SAML identity provider to provision a user.
  5. Confirm that the can_create_group and projects_limit settings haven't been updated for the user. In the Rails console:
     User.find_by_username('USERNAME').slice('can_create_group', 'projects_limit')
  6. Configure "Automatic claims of enterprise users". For testing purposes on the local environment you can claim the user manually from the Rails console:
     User.find_by_username('USERNAME').user_detail.update(enterprise_group_id: GROUP_ID)
  7. Sign out and sign in to the user account through the group's SAML identity provider one more time.
  8. Check the user's settings as in step 5. Confirm that the user's can_create_group and projects_limit settings are set to false and 0 as per the SAML response.
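The gate that the validation steps above exercise, as an added stand-alone Ruby example (not GitLab's own code). It models the two predicates the MR swaps: the old one accepts any user the group's SAML provisioned, the new one only a user the group has claimed as an enterprise user, and it checks that an enterprise user of a different group is not touched by this group's response. `User`, `SamlAttributes`, `provisioned_by?`, `enterprise_user_of?`, `apply_saml_settings!` and the group id 42 are assumed names and values for illustration only.

```ruby
# Added example, not GitLab's code: minimal model of the SAML user-settings gate.
# Struct fields mirror the attributes the MR validation steps inspect; the
# names below are assumptions for this illustration.
User = Struct.new(:username, :provisioned_by_group_id, :enterprise_group_id,
                  :can_create_group, :projects_limit, keyword_init: true)

# The two attributes of interest, already parsed out of the SAML assertion.
# nil means the IdP did not send that attribute.
SamlAttributes = Struct.new(:can_create_group, :projects_limit, keyword_init: true)

# Old predicate: any account that this group's SAML SSO provisioned.
def provisioned_by?(user, group_id)
  user.provisioned_by_group_id == group_id
end

# New predicate: only accounts the group has claimed as enterprise users
# (enterprise_group_id set to this group, not merely any group).
def enterprise_user_of?(user, group_id)
  user.enterprise_group_id == group_id
end

# Applies the IdP-supplied settings to the user only when the gate passes.
# Returns true when the user was updated, false when the response was ignored.
def apply_saml_settings!(user, group_id, attrs, gate: method(:enterprise_user_of?))
  return false unless gate.call(user, group_id)

  user.can_create_group = attrs.can_create_group unless attrs.can_create_group.nil?
  user.projects_limit = attrs.projects_limit unless attrs.projects_limit.nil?
  true
end

# Walks through the validation steps: provisioned-only user is left alone,
# the same user after being claimed gets the restrictive settings applied.
def demo
  group_id = 42 # assumed top-level group id
  attrs = SamlAttributes.new(can_create_group: false, projects_limit: 0)

  user = User.new(username: 'alice', provisioned_by_group_id: group_id,
                  enterprise_group_id: nil, can_create_group: true,
                  projects_limit: 100_000)

  before_claim = apply_saml_settings!(user, group_id, attrs)
  unchanged = user.to_h.slice(:can_create_group, :projects_limit)

  user.enterprise_group_id = group_id # equivalent of the manual claim in the Rails console
  after_claim = apply_saml_settings!(user, group_id, attrs)
  applied = user.to_h.slice(:can_create_group, :projects_limit)

  { before_claim: before_claim, unchanged: unchanged,
    after_claim: after_claim, applied: applied }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The `gate:` keyword exists only so the old and new predicates can be compared side by side; in a real change the old predicate would be deleted rather than kept selectable. The `to_h.slice` calls are the stand-in for the `User.find_by_username(...).slice(...)` check in step 5.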

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Bogdan Denkovych
