Add Remove Group custom ability

What does this MR do and why?

This adds "Remove group" as a custom role ability, so that it can be added onto any base role.

Issue: #425962 (closed)

Screenshots or screen recordings

Group member with custom role with base access level Guest and the remove_group ability:

As admin	As custom role user

How to set up and validate locally

1. As admin:
   1. create a group and a subgroup and apply the Ultimate license to the top level group
   2. If SaaS mode is:
      • off: Visit http://localhost:3000/admin/application_settings/roles_and_permissions and create a custom role with the Remove group permission enabled, based on Guest access
      • on: Visit http://localhost:3000/groups/#{new_group}/-/settings/roles_and_permissions and create a custom role with the Remove group permission enabled, based on Guest access
   3. Invite a user to the group and assign the new custom role to the user
2. As the new group member with custom access:
   1. Visit http://localhost:3000/groups/#{new_group}/#{new_subgroup}/-/edit and verify the page is accessible and you can delete and restore the group
   2. Verify you can delete and restore the group via REST API:
      • Delete: curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "http://localhost:3000/api/v4/groups/#{new_subgroup_id}"
      • Restore: curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "http://localhost:3000/api/v4/groups/#{new_subgroup_id}/restore"