[BUG] user.present incapable of removing optional groups

[nicholasmhughes]

Description
The user.present state function seems to be incapable of removing optional groups and enforcing idempotent group membership.

Setup
Tested on Debian 10 with the following SLS file:

# /srv/salt/i_am_groop.sls

manage_user:
  user.present:
    - name: debian
    - remove_groups: True
    - optional_groups:
      - adm
      - dialout
      - cdrom
      - floppy
      - sudo
      - audio
      - dip
      - video
      - plugdev
      - user
      - users

Steps to Reproduce the behavior

1. Check the current group membership of a user account:

# salt-call user.info debian --out=yaml

Output:

local:
  fullname: Debian
  gid: 1000
  groups:
  - adm
  - audio
  - cdrom
  - debian
  - dialout
  - dip
  - floppy
  - netdev   # <-- we'll try to remove this guy
  - plugdev
  - sudo
  - users
  - video
  home: /home/debian
  homephone: ''
  name: debian
  other: ''
  passwd: x
  roomnumber: ''
  shell: /bin/bash
  uid: 1000
  workphone: ''

2. Run the state created in the Setup section:

# salt-call state.apply i_am_groop
local:
----------
          ID: manage_user
    Function: user.present
        Name: debian
      Result: True
     Comment: User debian is present and up to date
     Started: 15:45:07.555832
    Duration: 12.089 ms
     Changes:   

Summary for local
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time:  12.089 ms

... which runs clean despite not having the netdev group in the list. Running user.info again yields identical output to before:

local:
  fullname: Debian
  gid: 1000
  groups:
  - adm
  - audio
  - cdrom
  - debian
  - dialout
  - dip
  - floppy
  - netdev   # <-- y u no leave???
  - plugdev
  - sudo
  - users
  - video
  home: /home/debian
  homephone: ''
  name: debian
  other: ''
  passwd: x
  roomnumber: ''
  shell: /bin/bash
  uid: 1000
  workphone: ''

Expected behavior
The optional_groups parameter should be idempotent when remove_groups is True (the default).

Versions Report

salt --versions-report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

Salt Version:
          Salt: 3005+0na.d5dec79
 
Dependency Versions:
          cffi: Not Installed
      cherrypy: Not Installed
      dateutil: Not Installed
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.2
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.4
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: Not Installed
      pycrypto: 2.6.1
  pycryptodome: 3.15.0
        pygit2: Not Installed
        Python: 3.7.3 (default, Jan 22 2021, 20:04:44)
  python-gnupg: Not Installed
        PyYAML: 6.0
         PyZMQ: 23.2.1
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4
 
System Versions:
          dist: debian 10 buster
        locale: UTF-8
       machine: x86_64
       release: 4.19.0-21-amd64
        system: Linux
       version: Debian GNU/Linux 10 buster

Additional context
Tested and confirmed in 3004 as well.