Google Apps OpenID support is deprecated some time ago. As such, there's no value in GoogleAppSsoSecurityRealm for new users.
This code needs to be kept around for backward compatibility for those who are upgrading, but it is not desirable that this unusable option shows up in the UI for new users who install the OpenID plugin.
We should improve the display name to indicate that this security realm is deprecated, and have the help text updated to point to the new plugin.
Also, we should drop this extension for new users. One way to do this is to define readResolve() in GoogleAppSsoSecurityRealm, so that it creates $JENKINS_HOME/GoogleAppSsoSecurityRealm.flag marker file, to indicate that this installation ever used GoogleAppSsoSecurityRealm. Then in an initializer method, if this marker file is not present, drop its Descriptor from ExtensionList.