IPA: Improve DEBUG message if a group has no ipaNTSecurityIdentifier
There was an issue in a production deployment where the admin selected a
GID outside the IDM range for a group that contained a user from the
trusted domain. This resulted in not adding a SID for the IPA group,
which in turn meant the group couldn't be resolved on the client.
This patch just improves the DEBUG message so that it's clearer for the
admins where the issue is.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>