Allow apps to configure additional LDAP group memberships for session data and auth

In order to support special group permissions yet leverage existing config, auth, and session classes enable:

1. Allow a list of ldap groups to be configured.
2. In `session.py` if an ldap group list is present extend the session data to create a list of extra groups that the user is a member of.
3. In `auth.py` and support for requiring a session's user be a member of a specific extra group.