sensu/sensu-go-chef

Add support for allowed_groups in LDAP config

Opened this issue · 2 comments

We presently support allowed_groups in Sensu LDAP config: https://github.com/sensu/sensu-go-chef#sensu_auth_ldap; however, this isn't supported in the Chef sensu_auth_ldap resource.

Sensu internal ref: https://secure.helpscout.net/conversation/1626527825/27007?folderId=4499530

Could you provide the content of helpscout here for context?

Do you have examples of how this should work directly, to set up validation tests?

@derekgroh I think that now the allowed_groups option is available on the Sensu side for the config, the need is just to allow it to be specified (where necessary) in the sensu_auth_ldap resource, unless there's a preferred mechanism for adding arbitrary keys to the resource?

It's a non-required sensu config param, an array of strings with no default, the description of which is:

"An array of allowed LDAP group strings to include in the tokenized identity claim. Use to specify which groups to encode in the authentication provider’s JSON Web Token (JWT) when the authenticated LDAP user is a member of many groups and the tokenized identity claim would be too large for correct web client operation."