mac_do(4): Enhance GID rule validation to check all groups in cr_groups
Previously, the rule validation only checked the primary GID (cr_gid).
This caused issues when applying GID-based rules, as users with matching
secondary groups were not considered valid. This patch modifies both
functions to iterate through all groups in cr_groups to ensure all group
memberships are considered when validating GID-based rules.
For example, a user's primary group is staff (20) and they are also in
the wheel (0) group, this change allows the rule gid=0:any to enable
them to run commands as any user.
Reviewed by: delphij (earlier version), bapt
Differential Revision: https://reviews.freebsd.org/D47304