Linux: RBAC claims resolution hangs if nested groups have circular dependencies #37225

Closed
@RoadTrain

Description

Describe the bug

Real-world AD deployments can have groups circularly reference each other, e.g. GroupA -> GroupB -> GroupC -> GroupA.
In this case, when nested claims resolution is enabled, Linux clients will hang on recursive resolution at https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs#L123

To Reproduce

  1. Set up any AD server (contoso.com in the example).
  2. Add several AD groups so that they reference each other circularly, e.g. GroupA -> GroupB -> GroupC -> GroupA.
  3. Add a user to any of these groups.
  4. Create a simple API project, set up RBAC claims resolution:

     // Service registration (e.g. in ConfigureServices)
     services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate(options =>
     {
         if (!RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
         {
             return;
         }

         options.EnableLdap(settings =>
         {
             settings.Domain = "contoso.com";
             settings.MachineAccountName = "someuser";
             settings.MachineAccountPassword = "somepassword";
         });
     });

     services.AddAuthorization();

     // Controller protected by a role that comes from the (nested) AD groups
     [ApiController]
     [Route("api/[controller]")]
     [Authorize(Roles = "GroupA")]
     public class SomeController : Controller
     {
         [HttpGet]
         [Route("someMethod")]
         public async Task<ActionResult<int>> SomeMethod()
         {
             return 1;
         }
     }

  5. Run it inside docker container dotnet/aspnet:6.0

Exceptions (if any)

API call hangs, and eventually results in StackOverflowException.

Further technical details

  • ASP.NET Core 5.0, 6.0-preview5, via docker dotnet/aspnet:6.0
  • Visual Studio 2019
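The hang above comes from walking group memberships recursively with nothing that remembers which groups were already expanded, so a cycle is re-entered forever. The following is an added example, not code from dotnet/aspnetcore, of a nested-group walk that terminates on exactly the GroupA -> GroupB -> GroupC -> GroupA case from the report; the in-memory `Directory` is a constructed stand-in for the LDAP memberOf lookups, and the group names are assumptions.

```csharp
using System;
using System.Collections.Generic;

public static class NestedGroupResolver
{
    // Constructed directory: for each group, the groups it is directly a member of
    // (its memberOf entries). GroupA -> GroupB -> GroupC -> GroupA is the cycle
    // from the report; GroupD is a group with no parents.
    public static readonly Dictionary<string, string[]> Directory = new()
    {
        ["GroupA"] = new[] { "GroupB" },
        ["GroupB"] = new[] { "GroupC" },
        ["GroupC"] = new[] { "GroupA" },
        ["GroupD"] = Array.Empty<string>(),
    };

    // Cycle-safe resolution: a visited set records every group already expanded,
    // so each group is processed at most once no matter how the edges loop.
    // The depth cap is a second guard against very deep or pathological trees.
    // Returns the nested groups (roles) that membership in `group` implies.
    public static ISet<string> Resolve(string group, int maxDepth = 50)
    {
        var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var stack = new Stack<(string Group, int Depth)>();
        stack.Push((group, 0));

        while (stack.Count > 0)
        {
            var (current, depth) = stack.Pop();
            // Skip anything already expanded or beyond the depth cap.
            if (depth > maxDepth || !visited.Add(current)) continue;

            foreach (var parent in Directory.GetValueOrDefault(current, Array.Empty<string>()))
                stack.Push((parent, depth + 1));
        }

        // The starting group is the direct membership, not a nested role.
        visited.Remove(group);
        return visited;
    }

    public static void Main()
    {
        // Terminates despite the cycle: GroupA resolves to GroupB and GroupC.
        Console.WriteLine(string.Join(", ", Resolve("GroupA")));
        // GroupD has no parents, so nothing is added.
        Console.WriteLine(Resolve("GroupD").Count);
    }
}
```

The same visited-set check applied inside the recursive lookup in `LdapAdapter.cs` would make the walk terminate on circular AD groups instead of overflowing the stack.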
