
[Fixes #14107] Add configurable sync strategies for Social Account group memberships#14108

Open. Gpetrak wants to merge 4 commits into master from ISSUE_14107.

Conversation

@Gpetrak (Member) commented Apr 6, 2026

This PR was created according to this issue: #14107

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

  • Confirm you have read the contribution guidelines
  • You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
  • Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

  • There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is changes not visible to end-users)
  • The issue connected to the PR must have Labels and Milestone assigned
  • PRs for bug fixes and small new features are presented as a single commit
  • PR title must be in the form "[Fixes #<issue_number>] Title of the PR"
  • New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

@Gpetrak Gpetrak added this to the 5.1.0 milestone Apr 6, 2026
@cla-bot cla-bot bot added the cla-signed CLA Bot: community license agreement signed label Apr 6, 2026
@Gpetrak Gpetrak changed the title Add configurable sync strategies for Social Account group memberships [Fixes #14107] Add configurable sync strategies for Social Account group memberships Apr 6, 2026
@Gpetrak Gpetrak requested a review from mattiagiupponi April 6, 2026 11:03
@gemini-code-assist (bot, Contributor) left a comment

Code Review

This pull request introduces a configurable synchronization strategy for user groups during social login, allowing for full, safe, or no synchronization via the SOCIALACCOUNT_SYNC_USER_GROUPS_ON_LOGIN setting. A potential logic error was identified in the SAFE_SYNC mode where an empty group list from the provider could cause the synchronization to skip entirely instead of clearing existing local groups.


# check here if user is member already of other groups and remove it from the ones that are not declared here...
# If Azure returns no group data, skip synchronization entirely
if sync_strategy == "SAFE_SYNC" and (groups is None or groups == ""):
@gemini-code-assist (bot, Contributor) commented on the lines above, severity: medium

The SAFE_SYNC check (groups is None or groups == "") is problematic because groups is initialized using or "" on line 293. In Python, [] or "" evaluates to "". This means that if the social provider returns an empty list of groups (indicating the user belongs to no groups), groups will become "", triggering this condition and returning early.

Consequently, SAFE_SYNC will fail to remove a user from their groups when they no longer belong to any groups on the provider side. If the intention was to only skip synchronization when the group data is missing from the response, this logic is currently ambiguous. Additionally, groups is None is redundant here as the value will always be at least an empty string due to the assignment logic.

@Gpetrak (Member, Author) replied:

Done
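To make the review point above concrete, here is an added example (not GeoNode's code, and not part of this PR) that reproduces the `or ""` normalisation the bot describes beside a version that keeps "claim absent" and "member of no groups" apart. The strategy names `FULL_SYNC`, `SAFE_SYNC` and `NO_SYNC`, the `extra_data` dict shape, and the comma-separated string form of the claim are assumptions for illustration; only the `SAFE_SYNC` check quoted in the review is taken from the page.

```python
"""Constructed example: why `groups = ... or ""` breaks SAFE_SYNC.

Two sync functions take the user's current local group names, the provider's
extra_data payload and a strategy, and return the group set the user should
end up in. A diff helper turns that into the add/remove lists a sync would
apply. Nothing here is GeoNode's implementation.
"""
from typing import Iterable, Optional, Set, Tuple

# Assumed strategy names, mirroring the PR description.
FULL_SYNC = "FULL_SYNC"
SAFE_SYNC = "SAFE_SYNC"
NO_SYNC = "NO_SYNC"

# Sentinel so we can tell "key not present" from "present but None".
_MISSING = object()


def _as_names(groups) -> Set[str]:
    """Normalise a list or a comma-separated string (assumed format) to a set."""
    if isinstance(groups, str):
        return {g.strip() for g in groups.split(",") if g.strip()}
    return set(groups)


def sync_groups_buggy(local_groups: Iterable[str], extra_data: dict, sync_strategy: str) -> Set[str]:
    """Reproduces the reviewed pattern: `[] or ""` collapses to ""."""
    local = set(local_groups)
    if sync_strategy == NO_SYNC:
        return local
    groups = extra_data.get("groups") or ""  # empty list becomes "" here
    # The check quoted in the review: an empty membership now looks like missing data,
    # so SAFE_SYNC returns early and stale local memberships survive.
    if sync_strategy == SAFE_SYNC and (groups is None or groups == ""):
        return local
    return _as_names(groups)


def sync_groups_fixed(local_groups: Iterable[str], extra_data: dict, sync_strategy: str) -> Set[str]:
    """Only skips SAFE_SYNC when the claim is genuinely absent (or None)."""
    local = set(local_groups)
    if sync_strategy == NO_SYNC:
        return local
    groups = extra_data.get("groups", _MISSING)
    if groups is _MISSING or groups is None:
        # Provider said nothing about groups: SAFE_SYNC preserves local state,
        # FULL_SYNC treats the user as belonging to no provider groups.
        return local if sync_strategy == SAFE_SYNC else set()
    # An explicit empty list is real data: the user belongs to no groups.
    return _as_names(groups)


def membership_diff(local_groups: Iterable[str], target: Iterable[str]) -> Tuple[Set[str], Set[str]]:
    """Return (to_add, to_remove) needed to move local memberships to target."""
    local, want = set(local_groups), set(target)
    return want - local, local - want


if __name__ == "__main__":
    # Constructed payload: provider reports the user is in no groups at all.
    payload_empty = {"groups": []}
    print("buggy  :", sync_groups_buggy({"editors"}, payload_empty, SAFE_SYNC))
    print("fixed  :", sync_groups_fixed({"editors"}, payload_empty, SAFE_SYNC))
    print("absent :", sync_groups_fixed({"editors"}, {}, SAFE_SYNC))
    print("diff   :", membership_diff({"editors"}, {"viewers"}))
```

The corrected branch still honours the PR's intent (a response without any group claim must not wipe local memberships under `SAFE_SYNC`), but an explicit empty list now removes the user from groups they no longer hold on the provider side; `groups is None` is folded into the sentinel check because that is the only place it can still occur.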


Labels

cla-signed CLA Bot: community license agreement signed enhancement


Development

Successfully merging this pull request may close these issues.

Prevent destructive group membership wipes during OIDC synchronization

2 participants