Support `Authenticator.manage_groups=True`

`auth_state.groups` should be a list of groups the user belongs to (if we can obtain it)

This can then be used to implement conditional logic based on the authenticated user's group membership.

EDIT: reference https://jupyterhub.readthedocs.io/en/latest/reference/api/auth.html#jupyterhub.auth.Authenticator.manage_groups