
WIP: Allow for configuration of LDAP group filter

Lars Seipel requested to merge slrz/gitlab-ee:ldap-group-filter into master

What does this MR do?

This adds a new configuration setting group_filter, akin to the existing user_filter. It allows GitLab administrators to set an LDAP filter expression that cuts down the entries returned from a search using the attributes appropriate for the local directory setup (e.g. (objectClass=posixGroup) or similar).

As a configuration setting, this is directly exposed to users/administrators.

Are there points in the code the reviewer needs to double check?

The implementation closely follows what is already done for the existing user_filter.

Why was this MR needed?

For certain directory structures, the current LDAP group sync feature is hardly usable. Imagine a university with a directory schema approximately matching the following:

$base
├── alumni
│   ├── groups
│   │   ├── a-group
│   │   └── another-group
│   └── [lots of other non-groupy things]
├── staff
│   ├── groups
│   │   ├── also-a-group
│   │   └── yet-another-group
│   └── [...]
├── students
└── head-honchos

Setting the group_base to $base (required to include all groups) causes GitLab to treat all the other non-group directory entries as groups, displaying lots of confusing entries in the auto-complete web dialog.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes gitlab-org/gitlab-ee#334

Edited by 🤖 GitLab Bot 🤖
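The effect of the proposed group_filter on a directory like the one described above, as an added Ruby example that is not part of the merge request or of GitLab's code. The base search filter `(cn=*)`, the AND-combination with group_filter, the method names and the sample entries are assumptions constructed for illustration; only a subset of the RFC 4515 filter syntax is handled.

```ruby
# Constructed sample entries modelled on the tree above (not real directory data).
ENTRIES = [
  { 'cn' => ['a-group'],      'objectclass' => ['posixGroup'] },
  { 'cn' => ['also-a-group'], 'objectclass' => ['posixGroup'] },
  { 'cn' => ['jdoe'],         'objectclass' => ['inetOrgPerson'] },
  { 'cn' => ['lab-printer'],  'objectclass' => ['device'] },
  { 'ou' => ['groups'],       'objectclass' => ['organizationalUnit'] }
].freeze

# Parse a subset of RFC 4515 filters: (&...), (|...), (attr=value), (attr=*).
def parse_filter(str)
  node, rest = parse_node(str.strip)
  raise ArgumentError, "trailing data: #{rest.inspect}" unless rest.empty?
  node
end

def parse_node(s)
  raise ArgumentError, "expected '(' at #{s.inspect}" unless s.start_with?('(')
  s = s[1..]
  if ['&', '|'].include?(s[0])
    op = s[0] == '&' ? :and : :or
    s, kids = s[1..], []
    while s.start_with?('(')
      kid, s = parse_node(s)
      kids << kid
    end
    raise ArgumentError, "expected ')' at #{s.inspect}" unless s.start_with?(')')
    return [[op, kids], s[1..]]
  end
  m = s.match(/\A([A-Za-z][\w;-]*)=([^()]*)\)/) or raise ArgumentError, "bad item: #{s.inspect}"
  [[:eq, m[1].downcase, m[2]], m.post_match]
end

def matches?(node, entry)
  case node[0]
  when :and then node[1].all? { |kid| matches?(kid, entry) }
  when :or  then node[1].any? { |kid| matches?(kid, entry) }
  when :eq
    values = entry.fetch(node[1], [])
    node[2] == '*' ? values.any? : values.any? { |v| v.casecmp?(node[2]) }
  end
end

# Assumption: the group search ANDs its own filter with the admin-supplied group_filter.
def group_search(base_filter, group_filter = nil)
  combined = group_filter.to_s.empty? ? base_filter : "(&#{base_filter}#{group_filter})"
  tree = parse_filter(combined)
  ENTRIES.select { |entry| matches?(tree, entry) }.map { |entry| Array(entry['cn']).first }
end
```

Without a group_filter the search returns the person and device entries alongside the real groups; with `(objectClass=posixGroup)` only the two group entries remain, and an unbalanced filter is rejected at parse time instead of being sent to the directory.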
