SDAP: Set initgroups expire attribute at the end
    
    Initgrups consisted of two main steps:
    1. store user to cache
    2. store all user groups to cache.
    
    Previously the attribute SYSDB_INITGR_EXPIRE was set in the first step.
    So in case of epmty cache and parallel initgroups request in responders
    there was a small period when SYSDB_INITGR_EXPIRE was valid but groups were
    not cached. Therefore sometime responder could return zero supplementary
    groups.
    
    This patch moves the setting of initgroups expire attribute from 1st step
    to the end of 2nd step.
    
    In case of parallel initgroups requests in responder there are two
    other ways how we could get correct results even thought there was a bug.
     a) Time between two request was too small. User was not stored in cache
        yet and 2nd request waited for response from DP.
     b) Time between two request was big enough. All users groups were
        successfully stored in cache and 2nd request returned correct results.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2634
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    (cherry picked from commit d0cc678d20d8bde829450eb50bec1b7397cea3e1)
    (cherry picked from commit 9ae6567a573c05ba59d1138cfda94b44732019e8)