AD/LDAP: do not fall back to mpg user lookup on GC connection
For MPG domains a group lookup might fall back to a user lookup to check
if the request is for a user private group. Since we cannot be sure that
all needed attributes for a user are replicated to the Global Catalog we
do not want to lookup the user during the fall back from the Global
Catalog.
Since we cannot skip Global Catalog lookups for groups completely due to
membership to groups with universal scope this patch adds a flag to tell
the lower level lookup calls to not fall back on connections to a Global
Catalog.
Related to https://pagure.io/SSSD/sssd/issue/3748
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>