LDAP: Don't add a user member twice when adding a primary group
    
    https://fedorahosted.org/sssd/ticket/2406
    
    In the AD case, deployments sometimes add groups as parents of the
    primary GID group. These groups are then returned during initgroups
    in the tokenGroups attribute and member/memberof links are established
    between the user and the group. However, any update of these groups
    would remove the links, so a sequence of calls: id -G user; id user; id
    -G user would return different group memberships.
    
    Our code errored out in the rare case when the user was *also* an LDAP
    member of his primary group.
    
    Reviewed-by: Pavel Reichl <preichl@redhat.com>