As discussed in , deleting a group invalidates all user tokens
which can flood the revocation event table if the deleted group
contained thousands of users in the group. This happens regardless
of whether the group had any role assignment or not. This patch makes
it so that only groups that had role assignments to a project or
domain can then invalidate user tokens, otherwise there is no need
to revoke each user token because the group was not assigned any form
of authorization to begin with.