Details
- New Feature
- Resolution: Fixed
- Major
- 2.18.2
- None
Description
Today, when group synchronization is enabled and no group mapping is explicitly set up, all groups are synchronized: they are all considered part of an "implicit mapping". This includes every group from the claim sent by the identity server (the user is added to these groups), but also every other local group, from which the user is removed if it is not part of the claim (which is the expected behaviour).
This new feature is about adding configuration that allows specifying, with regular expressions, which groups should be synchronized as part of this "implicit" mapping (covering both groups from the claim and local groups).
This would allow controlling the group mapping for synchronization without naming every group explicitly, as an explicit mapping requires. It would be especially useful when there are many groups to synchronize (too many to list in an explicit mapping) and when they change dynamically on the identity server side (for example, new roles being added), since matching groups would be created on the fly.
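As an added illustration (not code from this issue or the project), the following Python sketch models the implicit-mapping synchronization described above, with an optional list of regular expressions restricting which groups are in scope. The group names are constructed, and treating each pattern as an anchored full match is an assumption.

```python
import re
from typing import Dict, Iterable, Optional, Set


def sync_groups(claim_groups: Iterable[str],
                local_groups: Iterable[str],
                user_groups: Iterable[str],
                include_patterns: Optional[Iterable[str]] = None) -> Dict[str, Set[str]]:
    """Compute the group changes for one user under the 'implicit mapping'.

    claim_groups:     groups listed in the claim sent by the identity server
    local_groups:     groups that currently exist locally
    user_groups:      local groups the user is currently a member of
    include_patterns: optional regexes (assumed full-match); when given, only
                      groups matching at least one pattern take part in the sync
    """
    patterns = [re.compile(p) for p in include_patterns] if include_patterns else None

    def in_scope(group: str) -> bool:
        return patterns is None or any(p.fullmatch(group) for p in patterns)

    claim = {g for g in claim_groups if in_scope(g)}
    local = {g for g in local_groups if in_scope(g)}
    member_of = set(user_groups)

    # Groups from the claim the user is not yet in: add the user to them.
    to_add = claim - member_of
    # Groups that do not exist locally yet: they are created on the fly.
    to_create = claim - set(local_groups)
    # In-scope local groups the user belongs to but that are absent from the
    # claim: the user is removed. Out-of-scope groups are left untouched, which
    # is the point of the regex filter (e.g. locally managed admin groups).
    to_remove = {g for g in member_of if g in local and g not in claim}
    return {"add": to_add, "create": to_create, "remove": to_remove}


if __name__ == "__main__":
    # Constructed sample: the identity server sends role-* groups plus an
    # unrelated one; locally the user sits in a stale role and two admin groups.
    claim = ["role-dev", "role-ops", "hr-portal"]
    local = ["role-dev", "role-qa", "admins", "everyone"]
    user = ["role-qa", "admins", "everyone"]
    print("no filter:", sync_groups(claim, local, user))
    print("role-* only:", sync_groups(claim, local, user, [r"role-.*"]))
```

Without a filter the user is stripped from every local group missing from the claim, including the locally managed ones; with the `role-.*` pattern only the stale `role-qa` membership is removed and `hr-portal` is neither added nor created.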