FIX: limit number of users addable to group at once (#10510)

When someone wants to add > 1000 users at once they will hit a timeout.
Therefore, we should introduce limit and inform the user when limit is exceeded.

app/controllers/groups_controller.rb

@@ -36,6 +36,7 @@ class GroupsController < ApplicationController
       groups.where(automatic: true)
     }
   }
+  ADD_MEMBERS_LIMIT = 1000
 
   def index
     unless SiteSetting.enable_group_directory? || current_user&.staff?
@@ -329,6 +330,11 @@ class GroupsController < ApplicationController
         'usernames or emails must be present'
       )
     end
+    if users.length > ADD_MEMBERS_LIMIT
+      return render_json_error(
+        I18n.t("groups.errors.adding_too_many_users", limit: ADD_MEMBERS_LIMIT)
+      )
+    end
     usernames_already_in_group = group.users.where(id: users.map(&:id)).pluck(:username)
     if usernames_already_in_group.present? && usernames_already_in_group.length == users.length
       render_json_error(I18n.t(