fix empty cas group replication

[cbeyer42]

If CAS doesn't provide any groups the local groups in SonarQube won't be updated but sometimes it's intended to remove all groups from an user.

To achieve this goal the group replication needs to be configurable so you can decide which application should manage the groups.

Steps to reproduce the faulty behaviour:

1. Have user with exactly one group (namely the admin group)
2. login user
3. logout user
4. remove the admin group from the user so there no more groups associated with the user
5. login user
6. User still has admin privileges

[ppxl]

This bug was introduced with PR #24

[ppxl]

A new sonar.properties entry of sonar.cas.groupReplication = CAS should be set if full CAS group replication is desired.