When creating an authentication map that has "Groups" as a trigger the only operations that are shown are "or" and "and" (see attached screenshot). Looking at the trigger definition, there is also a "not" operation. In total we should have `has_or`, `has_and`, and `has_not` operations.

It is possible to use `has_not` by editing the authentication map via the API, and I assume also with the `ansible.platform.authenticator_map` and `infra.aap_configuration.gateway_authenticator_maps` modules/roles.

Please add the "not" operation as an option to authentication maps with the "Groups" trigger.

This would also enabled us to present a replacement for "LDAP Deny Group" which was available in AAP 2.4 and is seemingly gone in AAP 2.5. Many customers see this as a regression.