Remove user from groups when they are removed from LDAP

Fixes #159 

Currently, we only update user permissions if they come back from LDAP
as a valid user. I refactored some things in the `access.rb` file so we
update permissions no matter what. Now the user is removed from groups
and admin access is revoked, in addition to the previous behavior of
blocking the user.

See merge request !124