Configure users to be ignored when enforcing groups

In some cases it is desirable to preserve particular users that are not backed by any entity in the authoritative user directory.

For instance it may be useful to retain the root user created by default on GitLab during the initial setup for programmatic access from deployment tools like Helm and Ansible.

Or the ghost user that GitLab uses as a placeholder for deleted users.