Backport: Allow composite identity SAs to bypass SAML membership lock

What does this MR do and why?

This is a backport of !236987 (merged) ("Allow composite identity SAs to bypass SAML membership lock") to the 19.0 stable branch.

Original fix summary:

When SAML membership lock conditions hold (lock_memberships_to_saml setting, saml_group_sync licensed feature, and at least one SAML group link on the root ancestor), the ProjectPolicy rule prevents admin_project_member for all non-admins. The earlier fix in !224066 (merged) bypassed invite_project_members for composite identity service accounts but still fell through to super, which checks admin_project_member in the CE creator service.

This fix returns true directly for composite identity service accounts after the eligibility check so they bypass the SAML membership lock the same way they bypass membership_lock and disable_invite_members.

Resolves #596143

Cherry-pick details:

Cherry-picked squash commit a28f7d6e5602acc641a3f496af7b72a38ff36656 from master onto 19-0-stable-ee.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
  • The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
  • The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
  • Required labels have been applied to this merge request
  • This MR has been approved by a maintainer (only one approval is required).
  • Ensure the e2e:test-on-omnibus-ee job has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, reach out to a Software Engineer in Test in #s_developer_experience.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

Edited by Halil Coban
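
The fall-through described in the fix summary above, as an added Ruby model that is not GitLab's code or part of this merge request. Every struct, method and constant name is hypothetical, and two points are assumptions: that `invite_project_members` is blocked by the same lock, and that an ineligible service account takes the ordinary path.

```ruby
# Added illustration: a simplified model, not GitLab source. All names are hypothetical.
Actor = Struct.new(:admin, :composite_sa, :eligible, keyword_init: true)
Root  = Struct.new(:lock_memberships_to_saml, :saml_group_sync, :saml_group_links, keyword_init: true)

# All three conditions from the description must hold for the lock to apply.
def saml_lock?(root)
  root.lock_memberships_to_saml && root.saml_group_sync && root.saml_group_links.positive?
end

# Policy rule as described: under the lock, admin_project_member is prevented for non-admins.
def admin_project_member?(actor, root)
  actor.admin || !saml_lock?(root)
end

# Assumption: invite_project_members is blocked by the same lock.
def invite_project_members?(actor, root)
  actor.admin || !saml_lock?(root)
end

# Composite identity service account that passed the eligibility check.
def bypass_candidate?(actor)
  actor.composite_sa && actor.eligible
end

# Stand-in for the CE creator service reached through `super`.
def ce_can_create?(actor, root)
  admin_project_member?(actor, root)
end

# After the earlier fix: the invite check is skipped, but `super` still applies the lock.
def ee_can_create_before?(actor, root)
  return false unless bypass_candidate?(actor) || invite_project_members?(actor, root)
  ce_can_create?(actor, root)
end

# After this fix: return true directly, so `super` is never reached for the bypass case.
def ee_can_create_after?(actor, root)
  return true if bypass_candidate?(actor)
  return false unless invite_project_members?(actor, root)
  ce_can_create?(actor, root)
end

# Constructed sample inputs.
LOCKED = Root.new(lock_memberships_to_saml: true, saml_group_sync: true, saml_group_links: 1)
SA     = Actor.new(admin: false, composite_sa: true, eligible: true)
USER   = Actor.new(admin: false, composite_sa: false, eligible: false)
```

A regression spec for a change like this should cover the negative cases too: an ordinary non-admin and an ineligible service account must stay blocked while the lock holds.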
