The permission lookups gets slow when having (too) many registered AD-groups for the users.

For many authorization strategies, there is only a small set of groups that are actually being used. It is therefore unnecessary to iterate over all registered AD-groups when we know that no rules for most groups will be found anyway.

We are implementing a feature to make it optional for Jenkins to ignore Active Directory groups that are not being used by the active Authorization Strategy.