Create a Rake task to purge OmniAuth identities that are no longer configured
Related to gitlab-ce#29342
When OmniAuth providers, including LDAP, are 'disabled/no longer configured' the identities remain in the database. On its own this is not particularly a problem, except it's cruft. It technically could cause an issue if the administrator later enables the same OmniAuth provider but it has different data.
To give administrators something to correct this, we should have a Rake task that purges identities where the provider is not configured. We should probably have the ability to set the scope - for example, the administrator may want to purge all invalid identities (LDAP, Kerberos, etc), or they may want to purge only ldapmain
or something else specific.