Fix group permissions during LDAP tests

What does this MR do?

Create the sandbox group with appropriate permissions before the LDAP group sync test starts so that in subsequent tests the LDAP user has permission to the group.

This also restores the original (most likely nil) env personal access token, so that subsequent tests don't perform API calls as the root user while logged in and performing other actions as a non-root LDAP user.

Without this change groups would be created by the root user, so when the LDAP user tried to push, it would not be permitted.

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/quality/nightly/issues/58

Does this MR meet the acceptance criteria?

• [-] Changelog entry added, if necessary
• [-] Documentation created/updated via this MR
• [-] Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• [-] Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the database guides
• Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
• [-] EE specific content should be in the top level /ee folder
• [-] For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
• [-] Security reports checked/validated by reviewer